ClawHub

feishu-calender

Security checks across malware telemetry and agentic risk

Overview

This Feishu calendar skill is legitimate in purpose but needs review because it can modify or delete events and enable ongoing calendar monitoring without clear safeguards.

Install only for a Feishu tenant where the operator is authorized to manage calendars. Use least-privilege credentials, require explicit confirmation before updating or deleting events or inviting attendees, and enable subscriptions only for approved calendars with authenticated webhooks, retention limits, audit logging, and a clear unsubscribe path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest description understates the skill's capabilities by mentioning creation, free/busy queries, and subscription while the document also exposes update and deletion operations. This capability mismatch can mislead reviewers or users about the true write/delete scope of the skill, weakening informed consent and security review.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The introductory documentation claims responsibility only for creation, free/busy query, and subscription, but later includes update and delete APIs. This internal inconsistency can cause users and auditors to underestimate the skill's authority and overlook destructive behavior during approval or use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill enables querying users' free/busy status and subscribing to calendar changes, both of which expose privacy-sensitive scheduling metadata, yet it provides no warning about consent, least-privilege use, or handling of monitored calendar data. In an enterprise setting, this can facilitate unauthorized surveillance of employee availability and schedule changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents event deletion but does not warn that the operation is destructive and may permanently remove user scheduling data or disrupt meetings. Without confirmation requirements or guardrails, accidental or unauthorized use could cause operational disruption and loss of calendar integrity.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal