cal-com-automation
Automates Cal.com scheduling tasks using Rube MCP, enabling efficient management of bookings, availability checks, and webhook configurations.
Install this skill
Security score
The cal-com-automation skill was audited on Feb 28, 2026 and we found 24 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 3 | description: "Automate Cal.com tasks via Rube MCP (Composio): manage bookings, check availability, configure webhooks, and handle teams. Always search tools first for current schemas." |
Webhook reference - potential data exfiltration
| 83 | ### 3. Configure Webhooks |
Webhook reference - potential data exfiltration
| 85 | **When to use**: User wants to set up or manage webhook notifications for booking events |
Webhook reference - potential data exfiltration
| 88 | 1. `CAL_RETRIEVE_WEBHOOKS_LIST` - List existing webhooks [Required] |
Webhook reference - potential data exfiltration
| 89 | 2. `CAL_GET_WEBHOOK_BY_ID` - Get specific webhook details [Optional] |
Webhook reference - potential data exfiltration
| 90 | 3. `CAL_UPDATE_WEBHOOK_BY_ID` - Update webhook configuration [Optional] |
Webhook reference - potential data exfiltration
| 91 | 4. `CAL_DELETE_WEBHOOK_BY_ID` - Remove a webhook [Optional] |
Webhook reference - potential data exfiltration
| 94 | - `id`: Webhook ID for GET/UPDATE/DELETE operations |
Webhook reference - potential data exfiltration
| 95 | - `subscriberUrl`: Webhook endpoint URL |
Webhook reference - potential data exfiltration
| 97 | - `active`: Whether the webhook is active |
Webhook reference - potential data exfiltration
| 98 | - `secret`: Webhook signing secret |
Webhook reference - potential data exfiltration
| 101 | - Webhook URLs must be publicly accessible HTTPS endpoints |
Webhook reference - potential data exfiltration
| 103 | - Inactive webhooks do not fire; toggle `active` to enable/disable |
Webhook reference - potential data exfiltration
| 104 | - Webhook secrets are used for payload signature verification |
Webhook reference - potential data exfiltration
| 159 | ### Webhook Setup |
Webhook reference - potential data exfiltration
| 162 | 1. Call CAL_RETRIEVE_WEBHOOKS_LIST to check existing hooks |
Webhook reference - potential data exfiltration
| 163 | 2. Create or update webhook with desired triggers |
Webhook reference - potential data exfiltration
| 164 | 3. Verify webhook fires on test booking |
Webhook reference - potential data exfiltration
| 182 | - Webhook management requires appropriate access level |
Webhook reference - potential data exfiltration
| 196 | | List webhooks | CAL_RETRIEVE_WEBHOOKS_LIST | (none) | |
Webhook reference - potential data exfiltration
| 197 | | Get webhook | CAL_GET_WEBHOOK_BY_ID | id | |
Webhook reference - potential data exfiltration
| 198 | | Update webhook | CAL_UPDATE_WEBHOOK_BY_ID | id, subscriberUrl, eventTriggers | |
Webhook reference - potential data exfiltration
| 199 | | Delete webhook | CAL_DELETE_WEBHOOK_BY_ID | id | |
External URL reference
| 21 | **Get Rube MCP**: Add `https://rube.app/mcp` as an MCP server in your client configuration. No API keys needed — just add the endpoint and it works. |