Security audit

Google Calendar

Security checks across malware telemetry and agentic risk

Overview

This Google Calendar skill is a disclosed calendar integration, but users should be careful because it can change or share calendar data after confirmation.

Install only if you are comfortable connecting Google Calendar through ClawLink and allowing the agent to read and modify calendars you can access. Approve write actions only after the preview matches your intent, especially calendar deletion, clearing events, attendee changes, or sharing and unsharing calendars.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium (90% confidence)
Finding
The skill exposes ACL/share-management operations (`googlecalendar_acl_insert`, `googlecalendar_acl_delete`) that go beyond the manifest’s stated scope of scheduling and updating meetings. This creates an authority mismatch: a user or downstream agent selecting the skill for routine scheduling could unintentionally gain access to calendar-sharing capabilities that can expose calendar contents to third parties or alter access controls.

Description-Behavior Mismatch

Medium (87% confidence)
Finding
The skill includes destructive calendar-administration operations such as deleting a secondary calendar and clearing all events from a calendar, but the manifest only describes scheduling and event updates. This mismatch is dangerous because an agent or user invoking the skill for ordinary meeting management may not expect irreversible bulk-destructive capabilities to be present.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.