Calendly

Security checks across malware telemetry and agentic risk

Overview

This Calendly skill is a disclosed connector wrapper for reading and changing Calendly data, with no evidence of hidden execution, exfiltration, persistence, or deceptive behavior.

Install only if you intend to let the agent operate your connected Calendly account, including organization, invitee, webhook, and scheduling actions. Require explicit confirmation before bookings, cancellations, organization membership changes, invitations, webhook changes, or availability updates; the cancellation action should be treated as state-changing even though its individual page omits that warning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The documentation marks a clearly read-only retrieval action as a write action that changes Calendly state. This can mislead an agent or operator into applying the wrong safety workflow: unnecessary confirmation friction, incorrect planning, or confusion about the real side effects of the action. Inaccurate action semantics in an agent skill are a security-relevant integrity issue because downstream automation (confirmation gates, audit logging, rate limits) may rely on them.
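One way to make the confirmation workflow robust to the two documentation problems described on this page (a cancellation page that omits its state-changing warning, and a read-only action labelled as a write) is to classify side effects from an operator-maintained table rather than from the skill's own descriptions, and to flag any divergence between the two. The following is an added example written for this page, not code from the Calendly skill or from SkillSpector; the action names and the declared-semantics sample are assumptions chosen to mirror the findings above.

```python
"""Confirmation gate for an agent's Calendly skill actions (added example).

The gate decides read vs. write from its own trusted table, never from the
skill's self-description, so a mislabelled action cannot change the safety
workflow. Unknown actions are treated as writes (deny-by-default).
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Effect(Enum):
    READ = "read"
    WRITE = "write"


# Trusted classification maintained by the operator.
# Assumption: these action names are illustrative, chosen to match the
# categories listed on the page (organization, invitee, webhook, scheduling).
TRUSTED_EFFECTS = {
    "list_events": Effect.READ,
    "get_invitee": Effect.READ,
    "list_webhooks": Effect.READ,
    "create_booking": Effect.WRITE,
    "cancel_event": Effect.WRITE,
    "invite_user": Effect.WRITE,
    "remove_organization_member": Effect.WRITE,
    "create_webhook": Effect.WRITE,
    "update_availability": Effect.WRITE,
}

# Constructed sample of what a skill's own docs might declare, containing the
# two divergences the findings describe: a read labelled as a write, and a
# cancellation whose page omits the state-changing flag (None).
DECLARED_EFFECTS: dict[str, Optional[Effect]] = {
    "list_events": Effect.READ,
    "get_invitee": Effect.WRITE,   # mislabelled read
    "cancel_event": None,          # warning omitted
    "create_booking": Effect.WRITE,
}


@dataclass(frozen=True)
class Decision:
    action: str
    effect: Effect
    requires_confirmation: bool
    divergence: Optional[str]


def classify(action: str,
             declared: dict[str, Optional[Effect]] = DECLARED_EFFECTS) -> Decision:
    """Decide whether an action needs explicit confirmation before it runs.

    The effect comes from TRUSTED_EFFECTS; anything not listed there is a
    write. If the skill's declared semantics disagree with the trusted table,
    the disagreement is recorded so it can be surfaced to the operator.
    """
    effect = TRUSTED_EFFECTS.get(action, Effect.WRITE)
    divergence = None
    if action in declared and declared[action] != effect:
        declared_text = declared[action].value if declared[action] else "no effect"
        divergence = f"skill declares {declared_text} but trusted table says {effect.value}"
    return Decision(action, effect, effect is Effect.WRITE, divergence)


def gate(action: str, confirmed: bool) -> bool:
    """Return True if the call may proceed; writes require prior confirmation."""
    decision = classify(action)
    return not decision.requires_confirmation or confirmed


def audit(declared: dict[str, Optional[Effect]] = DECLARED_EFFECTS) -> list[str]:
    """List every declared action whose semantics diverge from the trusted table."""
    findings = []
    for action in declared:
        decision = classify(action, declared)
        if decision.divergence:
            findings.append(f"{action}: {decision.divergence}")
    return findings


if __name__ == "__main__":
    for line in audit():
        print("divergence:", line)
    print("cancel without confirmation allowed:", gate("cancel_event", confirmed=False))
    print("read without confirmation allowed:", gate("get_invitee", confirmed=False))
```

With the constructed sample, `audit()` reports both divergences, `cancel_event` is blocked until confirmed regardless of its missing warning, and `get_invitee` runs without confirmation despite being mislabelled as a write. The same table can drive audit logging and rate limiting so that every consumer of action semantics shares one source of truth.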

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The trigger text says to use this skill for ANY Calendly request rather than calling the API directly, which can cause over-selection of this skill even when a narrower or safer path would be more appropriate. In an agent setting, broad routing increases the chance of unintended access to scheduling data or accidental state-changing operations, because the skill exposes both read and destructive actions behind a single trigger.

VirusTotal

All 64 of 64 VirusTotal vendors reported this skill as clean (0 detections). Note that this covers the packaged files only; it does not assess the behavioral and documentation issues raised in the findings above.
