Back to skill

Security audit

Google Calendar

Security checks across malware telemetry and agentic risk

Overview

This Google Calendar skill is mostly purpose-aligned, but it needs Review because it can change/delete real calendar data and handles Google access tokens in an under-documented local plaintext file.

Review before installing. Use the narrowest Google Calendar OAuth scope and a limited calendar where possible, verify event IDs before update/delete commands, and avoid the refresh helper on shared systems or in logged sessions because it writes and prints a Google access token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes use of environment secrets, network access, and local package installation, but the skill declares no explicit permissions. This creates a transparency and policy-enforcement gap: users or the platform may not realize the skill can read sensitive credentials, access the network, and modify the local environment, which increases the risk of over-privileged execution or secret exposure if the implementation is flawed.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill exposes event deletion as a normal command without documenting any confirmation, preview, or warning about destructive effects. In an agentic context, a mistaken parameter, prompt injection, or user misunderstanding could cause irreversible deletion of calendar events, leading to data loss or disruption of schedules.

Credential Access

High
Category
Privilege Escalation
Content
if not access_token:
        sys.stderr.write('No access_token in response\n')
        sys.exit(1)
    # Update the secrets.env file
    env_path = os.path.expanduser('~/.config/google-calendar/secrets.env')
    # Read existing lines, replace or add GOOGLE_ACCESS_TOKEN
    lines = []
Confidence
88% confidence
Finding
secrets.env

Credential Access

High
Category
Privilege Escalation
Content
sys.stderr.write('No access_token in response\n')
        sys.exit(1)
    # Update the secrets.env file
    env_path = os.path.expanduser('~/.config/google-calendar/secrets.env')
    # Read existing lines, replace or add GOOGLE_ACCESS_TOKEN
    lines = []
    if os.path.exists(env_path):
Confidence
88% confidence
Finding
secrets.env

Credential Access

High
Category
Privilege Escalation
Content
if not access_token:
        sys.stderr.write('No access_token in response\n')
        sys.exit(1)
    # Update the secrets.env file
    env_path = os.path.expanduser('~/.config/google-calendar/secrets.env')
    # Read existing lines, replace or add GOOGLE_ACCESS_TOKEN
    lines = []
Confidence
88% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
sys.stderr.write('No access_token in response\n')
        sys.exit(1)
    # Update the secrets.env file
    env_path = os.path.expanduser('~/.config/google-calendar/secrets.env')
    # Read existing lines, replace or add GOOGLE_ACCESS_TOKEN
    lines = []
    if os.path.exists(env_path):
Confidence
88% confidence
Finding
.env'

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.