Cal.com

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Cal.com API skill. The sensitive actions it documents (creating, cancelling and rescheduling bookings, configuring webhooks, saving calendar feeds) are real, but they are aligned with its scheduling-management purpose.

Install or use this skill only if you are comfortable giving an agent Cal.com API access. Require explicit confirmation before the agent creates, cancels, reschedules or deletes anything or changes webhooks; use least-privilege credentials; avoid logging full webhook payloads; and only send webhooks or calendar feeds to trusted HTTPS endpoints.
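One way to enforce the "require confirmation" rule above, as an added example that is not code from Cal.com or from the skill itself: a small gate between the agent and the Cal.com API that classifies each outbound request and refuses to send a mutating one until the user has said yes. The route patterns are assumed shapes of Cal.com v2 routes used for illustration; check them against the API reference you actually target. Unrecognised non-read methods fail closed and are treated as confirmation-worthy.

```python
# Added example (not code from Cal.com or from the skill it describes): a
# confirmation gate that sits between an agent and the Cal.com API and
# refuses to issue a mutating request until the user has said yes.
# The route patterns are ASSUMED shapes of Cal.com v2 routes used for
# illustration; verify them against the API reference you actually target.
import re
from dataclasses import dataclass
from typing import Callable

# (label, method, path pattern). Order matters: specific rules first, the
# catch-all DELETE rule last.
CONFIRM_RULES = [
    ("create booking",     "POST",   re.compile(r"^/v2/bookings/?$")),
    ("cancel booking",     "POST",   re.compile(r"^/v2/bookings/[^/]+/cancel/?$")),
    ("reschedule booking", "POST",   re.compile(r"^/v2/bookings/[^/]+/reschedule/?$")),
    ("create webhook",     "POST",   re.compile(r"^/v2/webhooks/?$")),
    ("change webhook",     "PATCH",  re.compile(r"^/v2/webhooks/[^/]+/?$")),
    ("delete webhook",     "DELETE", re.compile(r"^/v2/webhooks/[^/]+/?$")),
    ("save ICS feed",      "POST",   re.compile(r"^/v2/calendars/ics-feed/save/?$")),
    ("delete",             "DELETE", re.compile(r"^/v2/")),
]

READ_METHODS = {"GET", "HEAD"}


@dataclass(frozen=True)
class Decision:
    action: str             # human-readable description of what the call does
    needs_confirmation: bool


def classify(method: str, path: str) -> Decision:
    """Decide whether a Cal.com API call needs an explicit user decision."""
    method = method.upper()
    for label, rule_method, pattern in CONFIRM_RULES:
        if method == rule_method and pattern.match(path):
            return Decision(label, True)
    if method in READ_METHODS:
        return Decision("read-only request", False)
    # Any other mutating call on a route we did not anticipate: fail closed
    # and ask, rather than silently letting the agent change live data.
    return Decision(f"unrecognised {method} {path}", True)


def gate(method: str, path: str, confirm: Callable[[str], bool]) -> bool:
    """Return True if the request may be sent. `confirm` is the hook that
    actually asks the user (a CLI prompt, a chat message, ...); it receives a
    one-line description and returns the user's yes/no."""
    decision = classify(method, path)
    if not decision.needs_confirmation:
        return True
    return confirm(f"The agent wants to {decision.action} "
                   f"({method.upper()} {path}). Allow it?")


if __name__ == "__main__":
    # Wire `confirm` to whatever channel the agent talks to the user on.
    ask = lambda question: input(question + " [y/N] ").strip().lower() == "y"
    print(gate("POST", "/v2/bookings/abc123/cancel", ask))
```

Keep the gate in the tool-calling layer, not in the prompt: an instruction in the skill text can be overridden by injected content, whereas a check on the HTTP call cannot.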

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The skill documents destructive and privacy-sensitive operations such as cancelling or rescheduling bookings and configuring webhooks, but it does not instruct the agent to obtain explicit user confirmation before making changes or before sending attendee data to external endpoints. In an agent setting, this omission can lead to unintended modification of live scheduling data or disclosure of personal information through webhook configuration or booking operations.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding
The ICS feed save endpoint accepts an arbitrary external URL, which can create privacy and security risks if the backend fetches or stores remote calendar feeds without strong validation. This can expose internal scheduling data, permit access to sensitive third-party calendar content, or enable SSRF-style behavior depending on how URL retrieval is implemented.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The webhook section shows how to configure arbitrary subscriber URLs but does not warn that booking or attendee data may be sent to external endpoints. In an agent skill context, this can normalize forwarding scheduling data to third-party infrastructure without prompting for trust validation, data minimization, or privacy review, increasing the risk of unintended data exfiltration.
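The two findings above (the ICS feed URL and the webhook subscriber URL) and the overview's "trusted HTTPS endpoints" rule call for the same check, so here is one added example, not Cal.com's code, that an agent can run before handing any URL to the API: require https, require the host to be on an operator-supplied allowlist, reject embedded credentials, and refuse hosts that resolve to loopback, private, link-local (including the cloud metadata address) or other non-public ranges. The allowlist and the fake resolver used in the tests are assumptions for illustration.

```python
# Added example (not Cal.com code): validation for a URL the agent is about to
# hand to Cal.com as a webhook subscriber URL or an ICS feed URL. It enforces
# https, an operator-supplied host allowlist, and refuses hosts that resolve
# to private, loopback, link-local or otherwise non-public addresses. The
# allowlist and any fake resolver passed in are assumptions for illustration.
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

Resolver = Callable[[str], list[str]]


def system_resolver(host: str) -> list[str]:
    """Resolve a hostname to all of its A/AAAA addresses via the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _as_ip(text: str):
    """Return an ip_address object if `text` is an IP literal, else None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def _non_public(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # is_global is False for RFC 1918, loopback, link-local (including the
    # 169.254.169.254 cloud metadata address), CGNAT, ULA and documentation nets.
    return ip.is_multicast or not ip.is_global


def reject_reason(url: str, allowed_hosts: Iterable[str],
                  resolver: Resolver = system_resolver) -> str:
    """Return '' if the URL is acceptable, otherwise a short reason for refusing it."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "only https:// endpoints are accepted"
    host = (parts.hostname or "").lower()
    if not host:
        return "URL has no host"
    if parts.username or parts.password:
        return "credentials embedded in the URL are not accepted"
    allowed = [h.lower().lstrip(".") for h in allowed_hosts]
    if not any(host == h or host.endswith("." + h) for h in allowed):
        return f"host {host!r} is not on the allowlist"
    literal = _as_ip(host)
    if literal is not None:
        addrs = [str(literal)]
    else:
        try:
            addrs = resolver(host)
        except (socket.gaierror, OSError) as exc:
            return f"cannot resolve {host}: {exc}"
    if not addrs:
        return f"{host} did not resolve to any address"
    for addr in addrs:
        if _non_public(addr):
            return f"{host} resolves to non-public address {addr}"
    return ""


def validate_endpoint_url(url: str, allowed_hosts: Iterable[str],
                          resolver: Resolver = system_resolver) -> str:
    """Raise ValueError if the URL must not be used; return it unchanged otherwise."""
    reason = reject_reason(url, allowed_hosts, resolver)
    if reason:
        raise ValueError(reason)
    return url


if __name__ == "__main__":
    # Allowlist of hosts the operator trusts to receive attendee data (assumed).
    trusted = ["hooks.example.com"]
    for candidate in ("https://hooks.example.com/cal", "http://hooks.example.com/cal",
                      "https://169.254.169.254/latest/meta-data/"):
        print(candidate, "->", reject_reason(candidate, trusted) or "ok")
```

Two caveats. The fetch of an ICS feed or the delivery of a webhook is performed by Cal.com's backend, not by the agent, so this check does not replace whatever validation that backend does; it only keeps the agent from registering a bad URL in the first place. And a resolution check in the agent's process is subject to DNS rebinding and time-of-check/time-of-use: the name can resolve differently when the backend later fetches it, which is why the host allowlist, not the address check, is the durable control.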

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The busy-times documentation shows an endpoint returning calendar event metadata including title, start/end, and source, but does not warn that these fields may contain sensitive personal or business information. In an agent skill context, this omission can lead integrators to expose or over-request calendar details without user consent, increasing privacy leakage risk.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The documentation explicitly recommends storing webhook payloads for debugging, and the sample payloads contain sensitive personal and operational data such as names, emails, meeting metadata, booking identifiers, and calendar details. Encouraging blanket payload logging without warnings about redaction, retention, or access controls can lead users to persist sensitive data in logs where it is broadly accessible and difficult to delete.
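For the two findings above (busy-times metadata and blanket webhook logging), an added example of what "log it for debugging" can look like without persisting personal data. This is not Cal.com's code; the sample event and busy-times list are constructed to resemble the payload shapes the skill documents, and the field names are assumptions. Identifiers and timestamps are kept, names and free text are dropped, and e-mail addresses are replaced by a salted one-way token so a single attendee can still be correlated across log lines.

```python
# Added example (not Cal.com code): strip a Cal.com webhook payload down to
# what debugging actually needs before it touches a log, and trim busy-times
# results to bare intervals. The sample event and busy-times list below are
# CONSTRUCTED to resemble Cal.com's booking webhook shape; they are not captured
# data, and the field names are assumptions drawn from the skill's own samples.
import hashlib
import json
from typing import Any

# Top-level and payload fields that are safe and useful to keep in a log line.
KEEP_TOP = ("triggerEvent", "createdAt")
KEEP_PAYLOAD = ("uid", "bookingId", "eventTypeId", "type", "status", "startTime", "endTime")
PERSON_FIELDS = ("organizer", "attendees")


def pseudonymize(email: str, salt: str) -> str:
    """Stable one-way token so the same attendee can still be correlated across
    log lines without storing the address. The salt must itself be a secret."""
    digest = hashlib.sha256((salt + "|" + email.strip().lower()).encode()).hexdigest()
    return "anon:" + digest[:12]


def redact_webhook(event: dict[str, Any], salt: str) -> dict[str, Any]:
    """Return a copy of `event` with personal data removed or pseudonymized."""
    out: dict[str, Any] = {k: event[k] for k in KEEP_TOP if k in event}
    payload = event.get("payload", {})
    kept = {k: payload[k] for k in KEEP_PAYLOAD if k in payload}
    people = [payload.get("organizer") or {}] + list(payload.get("attendees") or [])
    kept["participants"] = [pseudonymize(p["email"], salt) for p in people if p.get("email")]
    # Record which fields were dropped (names only) so a debugger knows what
    # to ask the user for, without persisting their contents.
    kept["droppedFields"] = sorted(set(payload) - set(KEEP_PAYLOAD) - set(PERSON_FIELDS))
    out["payload"] = kept
    return out


def safe_log_line(event: dict[str, Any], salt: str) -> str:
    """Single-line JSON suitable for a log sink."""
    return json.dumps(redact_webhook(event, salt), sort_keys=True, separators=(",", ":"))


def minimize_busy_times(slots: list[dict[str, Any]]) -> list[dict[str, str]]:
    """Finding a free slot only needs the intervals; drop title and source."""
    return [{"start": s["start"], "end": s["end"]} for s in slots]


# Constructed sample data (not a real event).
SAMPLE_EVENT = {
    "triggerEvent": "BOOKING_CREATED",
    "createdAt": "2024-05-01T09:00:00Z",
    "payload": {
        "uid": "abc123",
        "bookingId": 4711,
        "title": "Quarterly planning with Alice",
        "description": "Bring the Q3 budget numbers",
        "startTime": "2024-05-02T14:00:00Z",
        "endTime": "2024-05-02T14:30:00Z",
        "organizer": {"name": "Bob Example", "email": "bob@example.com"},
        "attendees": [{"name": "Alice Example", "email": "alice@example.com"}],
        "location": "https://meet.example.com/room/1",
        "status": "ACCEPTED",
    },
}
SAMPLE_BUSY = [
    {"start": "2024-05-02T14:00:00Z", "end": "2024-05-02T14:30:00Z",
     "title": "Quarterly planning with Alice", "source": "google-calendar"},
]

if __name__ == "__main__":
    print(safe_log_line(SAMPLE_EVENT, salt="rotate-me"))
    print(minimize_busy_times(SAMPLE_BUSY))
```

The allowlist approach (keep named fields, drop everything else) is deliberate: a denylist of "sensitive" keys silently misses new fields the API adds later. Retention and access control on the log sink still apply; redaction only lowers what is at stake when they fail.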

VirusTotal

66/66 vendors flagged this skill as clean.
