个人日程管理

Security checks across malware telemetry and agentic risk

Overview

This scheduler mostly matches its purpose, but it handles personal calendar data with under-disclosed exposure and mutation risks that users should review before installing.

Review the configuration before use, remove or replace any Feishu recipient value, and only run the web UI on a trusted machine/network. Expect calendar events, reminders, and backups to remain on disk in plaintext, and be careful with natural-language delete or reschedule commands because they can change stored events without a confirmation step.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (10)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill advertises capabilities that imply file read/write and shell execution, but it does not declare corresponding permissions or clearly communicate those powers. This creates a transparency and trust problem: users or the platform may approve a seemingly harmless calendar tool while it can modify local data, invoke scripts, and interact with the host environment.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 89% confidence
Finding: The documented purpose sounds like local personal scheduling, but the behavior also includes outbound reminders to Feishu and creation/management of OpenClaw cron tasks. That mismatch is dangerous because users may not realize the skill sends calendar-derived content externally and persists automation that continues running after initial use.

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The natural-language examples allow broad create/modify/delete operations without documented confirmation rules, scoping, or ambiguity handling. In a scheduling skill, this can lead to unintended destructive actions such as deleting or changing the wrong event based on vague or overbroad parsing.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill automatically creates reminders and may send them through Feishu or other channels, but the description does not clearly warn users that calendar details can leave the local system. Because reminders may contain sensitive titles, times, and routines, silent outbound messaging creates a privacy and data-leak risk.

Missing User Warnings

Low

Confidence: 80% confidence
Finding: Automatic backups and calendar import/export increase data persistence and duplication, but the documentation does not warn users about retained copies or privacy implications. This is less severe than outbound messaging, yet still important because sensitive schedule data may remain in backup directories or be imported/exported without clear lifecycle controls.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The delete flow removes calendar data immediately when exactly one match is found, without an explicit confirmation step. Natural-language parsing and partial matching can misidentify the intended event, causing accidental data loss that may be difficult to recover.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The update path deletes the original event before ensuring the replacement event is successfully created. If add_event fails or partially succeeds, the user can lose the original schedule entry and associated reminder metadata, making this a destructive and non-atomic operation.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The postpone operation deletes the original event and only then recreates it with a shifted time. Any exception, validation error, or reminder creation failure between those steps can permanently remove the event, turning a simple reschedule into unintended data loss.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The advance operation follows the same delete-then-recreate pattern, making the change non-atomic and vulnerable to accidental loss of the original event. Because the action is driven by natural-language interpretation, a parsing mistake combined with destructive mutation increases the chance of user harm.

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: The code persists reminder_jobs.json and config.json containing schedule metadata, event titles, reminder times, and a user identifier in plaintext without access controls, minimization, or disclosure. In a personal scheduler context, this data is privacy-sensitive and could expose a user's routines and identifiers to other local users, backups, logs, or unintended consumers of the data directory.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal