Is caldav-calendar safe?

https://clawhub.ai/Asleep123/caldav-calendar

85
SAFE

This is a benign documentation-only skill that provides CLI instructions for CalDAV calendar synchronization using vdirsyncer and khal. It contains no executable code, no install scripts, no hidden instructions, and exhibited no suspicious behavior during installation. The only concerns are inherent to its purpose: it references credential file paths in setup examples and requires network access to CalDAV servers, which are expected for a calendar sync tool.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 78/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 65/100 · 5%

Findings (6)

LOW Credential file path exposure in setup documentation -12

The SKILL.md setup example includes password.fetch = ["command", "cat", "~/.config/vdirsyncer/icloud_password"], which documents a plaintext credential file path. An LLM agent following these instructions could inadvertently read or log this credential. This is standard vdirsyncer configuration and not malicious, but it increases the attack surface when combined with an agent that has file-read capabilities.

LOW Network communication with remote CalDAV servers -10

vdirsyncer sync communicates with external CalDAV servers (iCloud, Google, Fastmail, Nextcloud). This is expected and necessary for the skill's purpose, but it means the agent will be sending authenticated requests to third-party servers. Calendar data contains potentially sensitive scheduling information.

INFO Skill requests shell command execution -10

The skill's purpose requires the agent to execute shell commands (vdirsyncer, khal, rm). These are well-known CLI tools and the commands shown are standard usage. No command injection vectors or obfuscated commands are present.

LOW Calendar write access enables event manipulation -15

The skill enables creating and deleting calendar events. A compromised or misbehaving agent could create spam events, delete legitimate events, or use calendar entries as a covert data channel. This is inherent to the skill's stated purpose.

INFO Cache deletion instruction present -5

The skill includes 'rm ~/.local/share/khal/khal.db' as a troubleshooting step. This is legitimate but deletes a local database file. An agent could execute this unnecessarily.

INFO apt package installation required -5

The skill requires installing vdirsyncer and khal via apt. These are legitimate packages from official repositories. The install metadata correctly declares this dependency.