Book Google Meet
v1.0.7Create scheduled Google Calendar events with OPEN access Google Meet spaces.
⭐ 0· 362·0 current·0 all-time
by@kumadun
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description align with the included code: book_meeting.py implements Calendar event creation and uses the Meet API to look up and patch a Meet 'space' accessType. Requested OAuth scopes and the use of google-api-python-client are coherent for this purpose. However, the registry metadata supplied to the evaluator lists no required env vars or config paths while the SKILL.md and code expect client_secrets.json or GOOGLE_CLIENT_ID/GOOGLE_CLIENT_SECRET and write meeting_token.pickle — that mismatch is unexpected.
Instruction Scope
SKILL.md instructs the user to obtain OAuth credentials, install the Python packages, and run the script. The runtime instructions and the script operate only against Google APIs (Calendar and Meet) and only access client credential files, environment variables, and create a local token file. They do not attempt to read unrelated system files or send data to third‑party endpoints.
Install Mechanism
This is instruction-only with a small Python script and a requirements.txt; dependencies are standard google-auth packages pulled via pip. There is no remote arbitrary code download or obscure installer. Risk from the install mechanism itself is low, but running pip installs and executing the script will install code that interacts with Google APIs.
Credentials
The SKILL.md metadata and code expect OAuth client credentials (client_secrets.json or GOOGLE_CLIENT_ID/GOOGLE_CLIENT_SECRET) and will persist a pickled credentials token (meeting_token.pickle). The registry summary provided earlier reported no required env vars or config paths — that inconsistency is a red flag. Storing OAuth tokens as an unencrypted pickle in the working directory or default paths (~/.config/google-meet) may expose long‑lived credentials if file permissions are not handled carefully. The requested OAuth scopes include calendar and meetings.space.settings which are appropriate for the stated actions but still grant access to calendar events and Meet spaces.
Persistence & Privilege
The skill writes a token file (meeting_token.pickle) to disk and may create or use credential files in user config directories. It does not request always:true or modify other skills. Persisting OAuth tokens is expected for desktop OAuth flows, but you should be aware the token file represents authenticated access and should be protected/removed when not needed.
What to consider before installing
This skill appears to do what it says: create Google Calendar events and set Meet access. Before installing or running it: 1) Verify you trust the skill source — the registry metadata you were shown omits the credential and file requirements that the SKILL.md and code actually expect. 2) Only provide OAuth client credentials you control; prefer creating a dedicated Google Cloud project and OAuth client for this tool. 3) Be aware the script will run a local OAuth flow and persist credentials to meeting_token.pickle (and may look in ~/.config paths); protect or delete that file when done. 4) Review the code yourself (book_meeting.py is included) and consider running in an isolated environment if you have any doubt. 5) Note the tool can set Meet access to OPEN (anyone with the link can join) — ensure that is acceptable for your organization. If you want this to be lower risk, confirm the registry metadata is corrected to declare required env vars/files, or edit the script to store tokens in a secure location and limit scopes.Like a lobster shell, security has layers — review code before you run it.
latest
book-google-meet
Create scheduled Google Calendar events with OPEN access Google Meet spaces.
Quick Start
# 1. Install dependencies
pip install -r requirements.txt
# 2. Get OAuth credentials from Google Cloud Console
# - Enable Google Calendar API and Google Meet API
# - Create OAuth 2.0 Desktop app credentials
# - Download client_secrets.json
# 3. Place client_secrets.json in the skill directory
# 4. Run the script
python book_meeting.py --title "My Meeting" --date "2026-03-12" --time "15:00" --duration 45 --timezone "Asia/Shanghai"
Prerequisites
1. Google Cloud Project Setup
- Go to Google Cloud Console
- Create a new project
- Enable APIs:
2. OAuth Consent Screen
- Go to OAuth consent screen
- Select External user type
- Fill in app name and contact email
- Add scope:
https://www.googleapis.com/auth/meetings.space.settings - Set publishing status to In production
3. Create OAuth Credentials
- Go to Credentials
- Click Create Credentials → OAuth client ID
- Select Desktop app application type
- Download JSON and save as
client_secrets.json
Alternative: Set environment variables instead of using client_secrets.json:
export GOOGLE_CLIENT_ID='your-client-id'
export GOOGLE_CLIENT_SECRET='your-client-secret'
Required OAuth Scopes
https://www.googleapis.com/auth/calendar.events
https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/meetings.space.settings
Note: Use meetings.space.settings (non-sensitive) instead of meetings.space.created (sensitive).
Usage
Basic Usage
python book_meeting.py --title "Team Meeting" --date "2026-03-12" --time "15:00" --duration 45 --timezone "Asia/Shanghai"
With Attendees
python book_meeting.py --title "Team Meeting" --date "2026-03-12" --time "15:00" --duration 45 \
--timezone "Asia/Shanghai" \
--attendees "user1@example.com,user2@example.com"
With Description
python book_meeting.py --title "Team Meeting" --date "2026-03-12" --time "15:00" --duration 45 \
--timezone "Asia/Shanghai" \
--description "Weekly sync meeting"
Access Types
# OPEN - Anyone with link can join (default)
python book_meeting.py --title "Public Meeting" --date "2026-03-12" --time "15:00" --duration 45 \
--timezone "Asia/Shanghai" --access-type OPEN
# TRUSTED - Org members + invited external users
python book_meeting.py --title "Internal Meeting" --date "2026-03-12" --time "15:00" --duration 45 \
--timezone "Asia/Shanghai" --access-type TRUSTED
# RESTRICTED - Only invitees
python book_meeting.py --title "Private Meeting" --date "2026-03-12" --time "15:00" --duration 45 \
--timezone "Asia/Shanghai" --access-type RESTRICTED
Command Line Options
| Option | Description | Default |
|---|---|---|
--title, -t | Meeting title (required) | - |
--date, -d | Meeting date (YYYY-MM-DD) | - |
--time | Meeting start time (HH:MM) | - |
--duration | Duration in minutes | 45 |
--timezone, -z | Timezone | America/New_York |
--attendees | Comma-separated email list | - |
--description | Meeting description | - |
--access-type | OPEN, TRUSTED, or RESTRICTED | OPEN |
--credentials, -c | Path to client_secrets.json | client_secrets.json |
--token-path | Path to store OAuth token | meeting_token.pickle |
Output Example
🚀 Step 1: Creating Calendar event with Meet conference...
✅ Calendar event created with Meet conference
Meeting Code: abc-defg-hij
🚀 Step 2: Looking up Meet space using meeting code...
✅ Found Meet space: spaces/xxxxxxxxxx
🚀 Step 3: Patching Meet space to OPEN access...
✅ Meet space patched successfully!
Access Type: OPEN
============================================================
✅ Meeting created successfully!
============================================================
📅 Title: Team Meeting
🕐 Start: 2026-03-12T15:00:00
🕐 End: 2026-03-12T15:45:00
🌐 Timezone: Asia/Shanghai
🔗 Meet URL: https://meet.google.com/abc-defg-hij
📞 Meeting Code: abc-defg-hij
🔓 Access Type: OPEN
🆔 Space Name: spaces/xxxxxxxxxx
📧 Calendar Link: https://calendar.google.com/calendar/event?eid=...
🆔 Event ID: xxxxxxxxxxxxxx
============================================================
How It Works
- Calendar API - Create event with Meet conference
- Meet API (spaces.get) - Look up Meet space using meeting code
- Meet API (spaces.patch) - Update space to set
accessType=OPEN
Troubleshooting
403 Permission Denied
Cause: Using meetings.space.created scope (sensitive) without additional verification.
Solution: Use meetings.space.settings scope (non-sensitive) instead. Already fixed in the script.
API Not Enabled
Enable both APIs in Google Cloud Console:
- Calendar API: https://console.developers.google.com/apis/api/calendar.googleapis.com/overview
- Meet API: https://console.developers.google.com/apis/api/meet.googleapis.com/overview
Invalid Credentials
Delete meeting_token.pickle to force re-authentication:
rm meeting_token.pickle
Files
book_meeting.py- Main scriptclient_secrets.json- OAuth credentials (you provide)meeting_token.pickle- Cached OAuth token (auto-generated)requirements.txt- Python dependencies
Security Notes
⚠️ Sensitive Files:
| File | Description | Security |
|---|---|---|
meeting_token.pickle | Cached OAuth tokens (contains refresh token) | Keep secure; delete when not needed; do not commit to version control |
client_secrets.json | OAuth client credentials | Never commit to version control; protect as password |
⚠️ Token File Warning:
The script writes meeting_token.pickle to disk after first OAuth authorization. This file contains sensitive OAuth tokens including refresh tokens that can be used to access your Google account. Protect this file:
- Do not share it
- Do not commit it to version control
- Delete it when no longer needed
- Ensure proper file permissions (readable only by owner)
References
Comments
Loading comments...