Back to skill

Security audit

Niche Calendar

Security checks across malware telemetry and agentic risk

Overview

This is a small planning/calendar skill whose web searches and ClawHub CLI references match its stated purpose, with no hidden install code or persistence.

Install this only if you want an agent to answer niche schedule and release-planning questions using web search and occasional ClawHub CLI lookup. Treat any publish-related output as planning guidance, and do not run publish commands unless you intentionally want to change remote ClawHub state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest description contains broad trigger examples such as "new ClawHub skills" and "Saskatoon events," which can cause the skill to activate for generic requests outside its stated niche. Overbroad routing increases the chance the agent will invoke this skill in contexts where shell commands or web-driven outputs are not expected, expanding the attack surface and creating unsafe tool use opportunities.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow instructs use of `exec` against the ClawHub CLI (`clawhub list`) without any warning, restriction, or indication that command execution must be read-only and user-confirmed. Even if the shown command is benign, normalizing shell execution inside a skill increases the risk of unsafe command composition, privilege misuse, or later expansion to state-changing operations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill proactively suggests `clawhub publish` steps despite being framed as a calendar/planning skill, and it does so without warning that publishing changes remote state and may expose or deploy user content. This creates a dangerous pathway from informational assistance into operational actions, especially if the skill is selected for broad ClawHub-related requests.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.