Opys Calendar Skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The calendar functions are mostly purpose-aligned, but the package includes prior personal calendar/sync state and persists Google OAuth tokens on disk without clearly disclosing that behavior.

Review and reset the included calendar.md and .calendar-google-sync-state.json before using this skill. If you enable Google sync, understand that it requests broad calendar access and stores OAuth session tokens locally in the project directory; only use it in a trusted folder and remove session files before sharing or archiving the project.

Static analysis

Env credential access
Severity: Critical
Finding: Environment variable access combined with network send.

Exposed secret literal
Severity: Critical
Finding: File appears to expose a hardcoded API secret or token.

Potential exfiltration
Severity: Warn
Finding: Sensitive-looking file read is paired with a network send.

VirusTotal

0/66 vendors flagged this skill; all 66 reported it as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Severity: High
What this means

If you sign in with Google, calendar access tokens may remain in the project directory and could be read by other local tools, agents, backups, or anyone with access to that folder.

Why it was flagged

The server requests broad Google Calendar access and persists access/refresh-token session data to a local JSON file. SKILL.md documents the Google sync-state file but does not disclose this separate token/session store.

Skill content
const oauthScope = ["openid", "email", "profile", "https://www.googleapis.com/auth/calendar"].join(" ");

type SessionTokens = {
  accessToken: string;
  refreshToken?: string;
  expiryAt: number;
...
const sessionStorePath = path.join(root, ".calendar-sessions.json");
...
fs.writeFileSync(sessionStorePath, JSON.stringify(data, null, 2));
Recommendation

Only use Google sync in a trusted local directory, remove .calendar-sessions.json when done or when sharing the folder, and prefer an implementation that documents token storage and restricts OAuth scope where possible.

ASI06: Memory and Context Poisoning
Severity: Medium
What this means

The agent may answer questions or schedule around someone else’s preloaded calendar, and the package itself exposes that prior schedule data.

Why it was flagged

The shipped source-of-truth calendar contains concrete personal-looking schedule entries rather than an empty or sample calendar. Because SKILL.md instructs agents to treat calendar.md as authoritative, a new user’s agent may over-trust this stale data.

Skill content
- [ ] `evt_Z_1VeBj-` | 2026-02-25 18:10 -> 2026-02-25 18:25 | **Pick up sister** (`life`)
- [ ] `evt_8nuraLrq` | 2026-02-25 19:45 -> 2026-02-25 20:45 | **Physics quiz prep (Torque & Rotational Inertia)** (`physics`)
Recommendation

Before use, replace calendar.md with your own clean calendar or a blank template, and do not sync until you have removed unrelated entries.

ASI08: Cascading Failures
Severity: Medium
What this means

If you sync without resetting state, old mappings and preloaded events could be merged into or conflict with your Google Calendar data.

Why it was flagged

The package includes a non-empty Google sync-state file keyed to a specific email/calendar identity. In a two-way sync tool, stale mapping state can confuse deduplication or propagation when a new user connects their own Google account.

Skill content
"112837351600268447145:niravsurabhi@gmail.com": {
  "md_evt_vDmneprY": "26lhq70ge2m2nlm5jtre85l554"
Recommendation

Delete .calendar-google-sync-state.json and any preloaded calendar data before connecting Google, then perform an initial sync only after reviewing what will be changed.

ASI02: Tool Misuse and Exploitation
Severity: Low
What this means

An agent following these instructions can alter or remove events in the local calendar file.

Why it was flagged

The skill gives the agent CLI commands that can mutate or delete local calendar events. This is expected for a calendar-management skill and is documented, but users should recognize that agent actions can change their schedule.

Skill content
Update:
   `npm run cli -- update --id <event_id> [fields...]`
...
Delete:
   `npm run cli -- delete --id <event_id>`
Recommendation

Keep backups before bulk changes and review agent-requested update/delete operations, especially before syncing them to Google Calendar.