Trust Assessment
calctl received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via User Input, Unpinned Dependency in Skill Requirements, Potential Excessive Permissions via AppleScript.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via User Input.** The skill description indicates that it wraps command-line tools (`icalBuddy`) and scripting languages (`AppleScript`). User-provided inputs such as event titles, notes, search queries, and date filters are likely passed directly to these underlying tools. Without proper sanitization and escaping, these inputs could be crafted to execute arbitrary shell commands or AppleScript code, leading to command injection. For example, a malicious user could inject shell metacharacters into the event title or notes field. Recommendation: implement robust input sanitization and validation for all user-provided strings before passing them to `icalBuddy` or `AppleScript`. Ensure all special characters are properly escaped, or use parameterized commands if the underlying tools support them. This applies to the `<title>`, `--notes`, `[filter]`, and `<query>` parameters. | LLM | SKILL.md:20 |
| MEDIUM | **Unpinned Dependency in Skill Requirements.** The skill requires `ical-buddy` to be installed via `brew install ical-buddy`. This specifies a dependency without pinning it to a specific version, which introduces a supply chain risk: future versions of `ical-buddy` could introduce vulnerabilities, breaking changes, or even malicious code. An unpinned dependency makes the skill vulnerable to 'dependency confusion' or 'version hijacking' attacks if a malicious package is published under the same name. Recommendation: pin the `ical-buddy` dependency to a specific, known-good version (e.g., `brew install ical-buddy@X.Y.Z`) to ensure deterministic and secure installations. Regularly review and update the pinned version to incorporate security patches. | LLM | SKILL.md:8 |
| MEDIUM | **Potential Excessive Permissions via AppleScript.** The skill states it uses `AppleScript` for write operations. AppleScript, when executed via `osascript`, can have broad access to macOS system features and applications beyond the Calendar app. If the `calctl` script's AppleScript implementation is not carefully restricted or sandboxed, it could be exploited to perform actions outside the intended scope of calendar management, especially if combined with command injection vulnerabilities. Recommendation: ensure that the AppleScript code used by `calctl` is as minimal as possible and strictly limited to interacting with the Calendar application. Avoid any AppleScript commands that could grant broader system access or interact with sensitive user data outside of calendar events. Consider implementing sandboxing mechanisms if available for `osascript` execution. | LLM | SKILL.md:3 |
Full report: [SkillShield report e353e686df565787](https://skillshield.io/report/e353e686df565787)