Gmail to Calendar

Security checks across malware telemetry and agentic risk

Overview

The skill has a real Gmail-to-Calendar workflow, but it also exposes broader Gmail send, modify, trash, draft, and connection-management actions that are not tightly scoped to that purpose.

Install only if you intentionally want a Maton-backed tool with access to Gmail content and Google Calendar writes. Prefer running the helper with --dry-run first, verify parsed dates and timezones, protect the MATON_API_KEY, and avoid the documented Gmail send, trash, label, draft, and connection deletion examples unless you explicitly need those account-management powers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High, 97% confidence

Finding: The skill is presented as a Gmail-to-Calendar promotion tool, but the documentation expands it into a general Gmail management interface capable of reading, sending, modifying, and deleting email-related resources. This scope drift is dangerous because users may invoke the skill expecting a narrow workflow while the agent is given instructions enabling unrelated and potentially destructive actions.

Context-Inappropriate Capability

High, 96% confidence

Finding: The connection-management section includes account-level operations such as connection deletion that are not necessary for converting email scheduling details into calendar events. Exposing these capabilities in the same skill increases the chance of accidental or unauthorized disruption of the user's authenticated integrations.

Context-Inappropriate Capability

High, 98% confidence

Finding: The API reference advertises Gmail mutation endpoints including send, modify labels, trash, and drafts, none of which are required for the advertised calendar-promotion task. Including these actions broadens the operational authority of the skill and makes misuse or prompt-induced abuse significantly more damaging.

Missing User Warnings

Medium, 89% confidence

Finding: The tool performs a write action to Google Calendar immediately after parsing email content, with no confirmation gate unless the caller explicitly uses --dry-run. In an agent setting, this can cause unintended event creation from ambiguous or attacker-crafted emails, leading to calendar pollution, confusion, or social-engineering amplification.

Natural-Language Policy Violations

Medium, 81% confidence

Finding: Defaulting all undetected timezones to Asia/Shanghai can silently create events at the wrong time for users in other locales. In a scheduling workflow driven by email parsing, this can materially disrupt meetings and can be abused by ambiguous emails to induce incorrect calendar entries without obvious warning.

VirusTotal

67/67 vendors flagged this skill as clean.