Back to skill

Security audit

iCloud Calendar — Full CRUD

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed iCloud calendar manager that needs sensitive calendar credentials and can change real events, but its behavior matches its stated purpose.

Install only if you trust this skill with your iCloud calendar. Use an Apple app-specific password, protect the OpenClaw config file, set the timezone to your actual locale, preview deletions with DELETE_DRY_RUN=1, and use narrow keywords/date ranges for update or delete requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation claims update operations are protected by a CONFIRM_UPDATE environment gate, but the declared update tool exposes only a UI confirmation flag and no corresponding safety_env_vars mechanism. This mismatch can cause operators or orchestrators to believe a stronger server-side safeguard exists when it does not, increasing the chance of unintended calendar modifications.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list includes very generic words such as 'schedule', 'reminder', 'meeting', 'calendar', and 'event', which are common in ordinary conversation and can cause accidental invocation. Because this skill supports destructive actions like update and delete, overbroad activation increases the risk of unintended reads or modifications to a user's calendar.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill defaults relative date parsing to Asia/Shanghai and presents that as the standard behavior without clear user opt-in. In a calendar-management context, silently forcing a timezone can lead to events being created or queried at the wrong times, which is operationally risky even if it is not a classic security exploit.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.