ClawHub

Calendar Hold Sync

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed calendar-sync skill that can change configured Google calendars, so it is usable but should be tested carefully before live automation.

Install only if you intend to let this skill read configured source calendars and write target Busy holds. Start with dry-run on a test calendar, keep maxChangesPerRun conservative, avoid shared target calendars if source titles/accounts are sensitive, leave custom gog commands disabled unless you fully trust the config, and enable cron/watch only after confirming the exact mappings and how to disable the scheduled job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly states that reconcile will 'Delete stale holds' but does not prominently warn users that automation may remove events it classifies as managed holds. In a calendar automation context, deletion is a destructive action; if metadata matching, backfill, or managed-hold detection is incorrect, users can lose calendar entries without expecting that risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs the agent to create, update, and delete calendar events, but it does not prominently warn that these actions will modify user calendar data and may remove existing managed holds. In an agentic context, insufficient disclosure around destructive calendar operations increases the risk of unintended data changes, especially when combined with reconcile/backfill/watch automation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill clearly directs reconciliation behavior that can create missing holds, update drifted holds, and delete stale holds in target calendars, but it does not prominently warn users that running the workflow will modify and remove calendar events. In a calendar automation context, this omission is risky because operators may run it against the wrong target calendar or broad mappings and unintentionally disrupt scheduling data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The metadata design stores source linkage in hold event descriptions, including srcAccount, srcCalendar, eventId, start, end, and title, but the skill does not warn that even base64url-encoded data is not encrypted and may expose potentially sensitive scheduling metadata to anyone with access to the target calendar or exported event data. In this context, mirroring private/busy holds can unintentionally leak source event titles and account identifiers across trust boundaries.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs storing source event metadata in the target hold event description, including event title, source account, calendar, event ID, and timestamps. Even though the hold is marked private, descriptions remain accessible to anyone or any integration with read access to the target calendar, which can leak sensitive scheduling context and cross-calendar identifiers without any privacy warning or minimization guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal