The Agent Skills Directory

[SAFE]: The skill is entirely documentation-based and does not include any executable scripts, binaries, or command-line tools that could be used for malicious purposes.
[SAFE]: The authentication instructions follow industry security standards, directing users to store API keys and OAuth secrets in environment variables rather than hardcoding them within the skill.
[SAFE]: All network operations described in the documentation target the official infrastructure of the vendor (api.cal.com), ensuring that data is only transmitted to legitimate services.
[SAFE]: The skill includes technical details on verifying webhook payloads using the X-Cal-Signature-256 header, which helps protect integrations against unauthorized data injection or spoofing.
[SAFE]: Although the skill documents endpoints that process user-generated data (e.g., booking notes, attendee names), this functionality is inherent to the primary purpose of scheduling and does not introduce unusual security vulnerabilities.

calcom-api