ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Zoom Calendar

v1.1.0

Create Zoom meetings and add them to Google Calendar events with proper conferenceData (icon, video entry, notes). Use when creating calendar events with Zoo...

1· 742·0 current·1 all-time
byshaharsh@shaharsha
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Zoom + Google Calendar) align with required env vars, CLI tools, and credential files. The script talks only to Zoom and Google endpoints and requires Zoom S2S credentials plus gog/Google OAuth, which is appropriate for the task. Minor inconsistency: metadata lists .credentials/zoom.json but the script defaults to $HOME/.openclaw/workspace/.credentials/zoom.json unless ZOOM_CREDENTIALS is set.
Instruction Scope
SKILL.md and the included bash script limit actions to creating a Zoom meeting, obtaining Google access tokens via gog, and PATCHing the specified calendar event's conferenceData. The script reads declared credential files and the two declared env vars, uses mktemp for a transient token file (deleted), and only calls zoom.us, oauth2.googleapis.com, and www.googleapis.com.
Install Mechanism
No install spec — instruction-only with an included script. No downloads or extraction from remote URLs. Risk is low because nothing is written to system paths besides a temporary token file that the script removes.
Credentials
Requested env vars (GOG_KEYRING_PASSWORD, GOG_ACCOUNT) are justified for gog/Google auth. The Zoom credentials are read from a file (configurable via ZOOM_CREDENTIALS) which is appropriate. Note the small mismatch between the metadata-declared credentials path and the script's default path; ensure your Zoom credentials are stored at the path the script expects or set ZOOM_CREDENTIALS.
Persistence & Privilege
always:false and the skill does not request persistent system-wide privileges or modify other skills. It requires permission to modify calendar events (expected). The agent-executable default is normal.
Assessment
This skill appears to do what it says: create a Zoom meeting and attach it to a Google Calendar event. Before installing, verify and store the Zoom Server-to-Server credentials file securely (or set ZOOM_CREDENTIALS to the correct path), confirm you are comfortable granting the gog CLI access to the Google account specified by GOG_ACCOUNT, and review the script if you want to ensure no additional behavior. Also confirm the script's default Zoom credentials path ($HOME/.openclaw/workspace/.credentials/zoom.json) matches where you keep the file or set ZOOM_CREDENTIALS to point at your actual .json. As always, limit the credentials you provide to least privilege and keep backups of any credentials you change.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📹 Clawdis
EnvGOG_KEYRING_PASSWORD, GOG_ACCOUNT
latestvk970xyqb3w9gx5qsq3se21ty5s83cknf
742downloads
1stars
2versions
Updated 9h ago
v1.1.0
MIT-0
shaharsh@shaharsha
latest
Download

Zoom + Google Calendar 📹

Create Zoom meetings via API and attach them to Google Calendar events — identical to the Zoom for Google Workspace add-on UI.

Quick Usage

bash skills/zoom-calendar/scripts/zoom_meeting.sh <event_id> "Meeting Title" "2026-03-01T11:50:00" 60

Parameters:

ParamDescriptionExample
event_idGoogle Calendar event IDdgth9d45bb93a0q7ohfnckq88k
topicMeeting title"Team Meeting"
start_timeISO format, no timezone (Jerusalem assumed)"2026-03-01T11:50:00"
durationMinutes (optional, default 60)45

Output: Join URL, Meeting ID, Password + event patched automatically.

Typical Workflow

  1. Create calendar event with gog calendar create
  2. Run zoom_meeting.sh with the event ID
  3. Done — conferenceData with icon, video link, and notes are set

Critical Rules

RuleDetail
iconUriUse EXACTLY the URL in the script — official Zoom Marketplace icon
entryPointsONLY video — no phone, no SIP
passcodeNot pin — field name matters
meetingCodeInclude the meeting ID here too
notesUse <br /> for line breaks (not \n)
descriptionLeave empty — don't duplicate info
locationLeave empty — Zoom link lives in conferenceData
DefaultDo NOT add Zoom unless explicitly requested

Auth Setup

Zoom (Server-to-Server OAuth)

Credentials: .credentials/zoom.json

{"account_id": "...", "client_id": "...", "client_secret": "..."}

Create at marketplace.zoom.us → Develop → Server-to-Server OAuth. Scopes: meeting:write:admin, meeting:read:admin.

Google Calendar

Uses gog CLI auth. The script handles token export + refresh automatically.

Required env vars:

  • GOG_KEYRING_PASSWORD — keyring password for gog CLI
  • GOG_ACCOUNT — Google account email (e.g. user@gmail.com)

Required files:

  • $HOME/.config/gogcli/credentials.json — Google OAuth client credentials (created by gog auth)
  • Override path with GOG_CREDENTIALS env var

Required CLI tools: gog, jq, curl, base64

Comments

Loading comments...