Webtop Galim

Security checks across malware telemetry and agentic risk

Overview

This skill is useful for school-task monitoring, but it needs review because it handles children’s school credentials, can write task details to Google Calendar, and delegates one path to an unreviewed local Webtop script.

Install only if you trust the publisher and are comfortable storing student portal credentials locally. Use a private, dedicated Google Calendar, run calendar sync with `--dry-run` first, verify the calendar ID and any family-update destination, keep env and service-account files out of synced folders and repositories, and review or disable the Webtop path unless you also trust the separate pywebtop-skill script it executes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The documentation expands the skill from monitoring school portals into automation that synchronizes calendars and sends WhatsApp messages. This broadens the data flow surface from passive retrieval to active redistribution of potentially sensitive student information, which raises privacy and authorization concerns.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The documented Google Calendar write capability allows the skill to create events in an external calendar, which is a materially different and higher-risk action than merely checking homework. In a student-task context, this can leak due dates, titles, and schedule information to shared calendars or unintended audiences if configured incorrectly.

Context-Inappropriate Capability

Low
Confidence: 89%
Finding
The WhatsApp group messaging capability is not explicitly stated in the manifest, despite involving outbound transmission of student task summaries to a group destination. Even if intended for family updates, undocumented messaging increases the risk of accidental disclosure and surprises users about where data will be sent.

Description-Behavior Mismatch

Medium
Confidence: 82%
Finding
The wrapper exposes a `sync` command that triggers calendar synchronization, which goes beyond the stated skill scope of checking, monitoring, and summarizing homework/tasks. Scope expansion matters in agent skills because write-capable actions can create side effects in external systems without being clearly disclosed in the manifest, increasing the risk of unintended data modification or overbroad agent behavior.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
This script does more than passive inspection or summarization: it creates persistent Google Calendar events containing student homework metadata. That expands the skill's operational scope and introduces data propagation to a third-party system, which can surprise users and create privacy/compliance issues if not explicitly authorized.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The code loads a Google service-account credential and uses it to write calendar events externally, giving the skill privileged access unrelated to simple homework inspection. If misconfigured or abused, this can leak student data to Google and modify calendars without the end user's direct visibility or granular consent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to source local environment files that contain credentials, including usernames and passwords for children, without any warning to treat them as sensitive or avoid exposing them in output/logs. In an agent setting, this increases the risk of accidental secret disclosure, propagation into command history, or reuse in unintended contexts.

Missing User Warnings

Medium
Confidence: 89%
Finding
The recommended workflow suggests running the calendar sync command as a routine step, but does not clearly warn that it performs write operations against an external calendar. This can cause unintended creation or modification of events if an agent or user follows the instructions automatically without understanding the side effects.

Missing User Warnings

Medium
Confidence: 95%
Finding
The automation section describes daily calendar writes and WhatsApp updates involving student homework data, but it does not include any privacy warning, consent guidance, or data-sharing notice. In this context, the data concerns children and school activity, so silent redistribution to third-party services materially increases privacy risk.

Missing User Warnings

Medium
Confidence: 91%
Finding
The installer creates a credentials-oriented env template containing fields for student usernames, passwords, WhatsApp group identifiers, and a service-account path, but provides no explicit warning about secret handling, storage risks, or least-privilege practices. In a family/school context, these values are sensitive and could expose minors' school accounts or notification channels if mishandled, especially because the tool normalizes storing them in a predictable local path.

Missing User Warnings

Medium
Confidence: 94%
Finding
The instructions recommend exporting credential-bearing JSON directly into an environment variable, which can increase accidental exposure through shell history, process inspection, debugging output, crash reports, or inherited child processes. Because the data includes student account credentials, the impact includes unauthorized access to school systems and privacy loss for children.

Missing User Warnings

Medium
Confidence: 84%
Finding
Loading service-account credentials without any user-facing disclosure obscures that the skill can act on an external Google account with elevated privileges. In a school-task context involving children, undisclosed credentialed access increases privacy and trust risk even if the implementation is otherwise functional.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script sends student/task details to Google Calendar through API calls without any visible warning, consent, or minimization of exported fields. Because the data includes child names and homework metadata, undisclosed third-party transmission can create privacy, compliance, and expectation-mismatch issues.

VirusTotal

66/66 vendors flagged this skill as clean.
