Niche Calendar

The skill instructions in SKILL.md direct the AI agent to use the 'exec' tool to run shell commands (e.g., 'clawhub search {term}') using parameters derived directly from user queries. This pattern introduces a potential shell injection vulnerability if the input is not properly sanitized before execution. While the functionality appears aligned with the stated purpose of tracking developer releases and sports schedules, the reliance on unvalidated shell execution is a high-risk security flaw.