Calendar

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Google Calendar helper, but users should be careful because it can create and delete real calendar events.

Install only if you trust gcalcli and are comfortable giving it access to the intended calendar account. Before running create or delete commands, confirm the calendar, event title, date/time, and exact event match, especially when deleting by search term.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill documents a destructive `gcalcli delete` operation with no warning about confirmation behavior, scope, or the risk of deleting unintended events when using broad search terms. In an agentic or automation context, this increases the chance of accidental data loss because a user or agent may execute deletion commands without understanding that the action is irreversible or ambiguously targeted.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal