Hackathon Manager

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate hackathon tracker, but its Google Calendar removal feature can delete real calendar events too broadly and without confirmation.

Review before installing if you plan to use Google Calendar. The local tracker behavior is straightforward, but only run gcal sync or gcal remove after checking the Google account and exact hackathon name; removal may delete unrelated events with matching title text because it uses forced, broad matching.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 96% confidence
Finding: The skill instructs the agent to use shell execution, read/write local files, and access environment-backed tooling, but it declares no permissions. This creates a transparency and policy-enforcement gap: users and host systems cannot accurately assess or constrain what the skill may do before it runs.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The documented behavior expands beyond the stated description by performing Google Calendar operations through an external CLI, including event creation and deletion. This mismatch can mislead users and reviewers about the skill's real capabilities, increasing the risk of unintended external-side effects and over-broad trust in a seemingly simple tracking tool.

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill description emphasizes local hackathon tracking, deadlines, and checklists, but the implementation also lists, creates, and deletes Google Calendar events. That expanded external capability increases risk because a user or calling agent may invoke calendar operations without understanding that the skill can affect third-party services and real account data.

Context-Inappropriate Capability

High

Confidence: 97% confidence
Finding: The code can forcibly delete events from the user's primary Google Calendar based on a substring match in the event summary, which is a destructive external action. Because matching is broad and the deletion is forced, an attacker or mistaken user input could remove unrelated events that merely contain the provided name.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation guidance says to trigger when the user merely 'mentions hackathons,' which is overly broad and may cause the agent to invoke this skill during casual discussion rather than a clear task request. In this skill, accidental activation matters because it can lead to file modifications, shell commands, and external calendar actions without sufficiently specific user intent.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill includes a command to remove calendar events by matching the hackathon name in event titles, but it does not require an explicit warning or confirmation before deletion. Title-based matching can be over-inclusive, so users may unintentionally delete multiple or unrelated events with similar names.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: Syncing hackathon names, dates, and related metadata to Google Calendar sends locally stored information to an external service, but the code provides no explicit warning or consent checkpoint at the time of transmission. In an agent setting, that can lead to unintended disclosure of sensitive project names, timelines, or prize information.

Missing User Warnings

High

Confidence: 97% confidence
Finding: Calendar deletion is performed with '--force' and no confirmation, preview, or rollback path, making accidental or induced destructive actions easy. In a tool exposed through an agent, this is especially dangerous because natural-language ambiguity or prompt injection elsewhere could trigger irreversible deletion of real user calendar data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal