Calendar Reminders (gcalcli + CalDAV)
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: calendar-reminders
Version: 0.1.1
The skill is classified as suspicious due to its reliance on executing external binaries (`gcalcli`, `khal`, and potentially `vdirsyncer`) whose paths are configurable in `~/.config/openclaw/calendar.json`. This introduces a Remote Code Execution (RCE) vulnerability if an attacker can modify the configuration file to point to arbitrary executables. While the `SKILL.md` documentation explicitly warns the agent/user about this risk and advises on secure practices (e.g., 'Only point `gcalcliPath` / `khalBin` to **trusted binaries**'), the inherent capability to execute user-defined binary paths makes it a significant security concern. The Python script `scripts/calendar_reminder_plan.py` does correctly use `subprocess.check_output` with argument lists (defaulting to `shell=False`), mitigating shell injection from event data, and the example config provides `vdirsyncerSyncCommand` as a safe argument list.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and wiring this skill may expose calendar event details to the local planner and any reminder-scheduling workflow you build around it.
The skill is expected to use Google Calendar OAuth and optional CalDAV tooling, which means it can access private calendar data through the user's configured calendar accounts.
`gcalcli` requires OAuth. ... Optional (for CalDAV/iCloud): `vdirsyncer`, `khal`
Use only the calendars you actually want reminders for, keep the config private, and review any OAuth/CalDAV permissions granted to the underlying tools.
A bad or unexpected binary path in the config could cause the scheduler to run the wrong local program.
The planner executes a configured local gcalcli binary, and similar code executes khal when CalDAV is enabled. This is central to the skill's purpose and uses argument-list subprocess calls, but the configured paths must be trusted.
gcalcli = os.path.expanduser(google.get("gcalcliPath") or "gcalcli") ... out = subprocess.check_output(cmd, text=True, env=env)
Set gcalcliPath and khalBin to trusted, preferably absolute, binary paths and avoid running configs from untrusted sources.
Calendar event titles from invitations or shared calendars could later appear in agent context as reminder text.
The script's reminder message includes the calendar event title, so external calendar text can be persisted into future reminder context if the suggested systemEvent wiring is used.
For each planned reminder, creates a one-shot OpenClaw `systemEvent` reminder at `reminderAtUtc`.
Treat calendar titles as untrusted data in reminder messages, and consider quoting, prefixing, or sanitizing titles so they are not interpreted as agent instructions.
If configured, the workflow may keep running daily and create reminders automatically.
The suggested cron/state-file workflow is persistent automation. It is disclosed and user-directed, not hidden, but it should be reviewed before enabling.
Create a daily cron job ... runs `scripts/calendar_reminder_plan.py` ... creates a one-shot OpenClaw `systemEvent` reminder ... Writes a small state file so you don’t schedule duplicates.
Enable cron or agent scheduling only after reviewing the exact command, state-file path, calendars, and duplicate-prevention behavior.
Users may need to manually discover and install the required calendar tools, and one advertised wrapper file is not present in the supplied manifest.
The registry metadata does not declare the binaries that SKILL.md says are required, and the manifest does not include the `scripts/calendar` wrapper mentioned in SKILL.md. This is a packaging/setup clarity issue rather than evidence of malicious behavior.
Required binaries (all must exist): none ... File manifest ... SKILL.md ... references/openclaw-calendar.example.json ... scripts/calendar_reminder_plan.py
Before installing, confirm that python3, gcalcli, and any optional CalDAV tools are installed from trusted sources, and do not rely on missing files that are not included in the package.
