Skill v0.1.0

ClawScan security

Google Calendar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:38 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill claims to be a thin Google Calendar wrapper, but the README, runtime scripts, and setup steps are inconsistent and the code writes an access token to a file in the user's home directory — review and fix these mismatches before installing.
Guidance
Do not install blindly. Things to verify before using this skill:

- Fix the env-var mismatch: the README expects a refresh-token flow, but the main script expects GOOGLE_ACCESS_TOKEN at runtime. Decide which approach you want and update the docs and code accordingly.
- Confirm how refresh tokens and access tokens are obtained and stored. The included refresh_token.py writes an access token to ~/.config/google-calendar/secrets.env; if you do not want tokens persisted to disk, do not run it, or modify it to store the token in your secret store instead.
- The README suggests running python3 -m google_calendar.auth, but no such module exists. Confirm which helper actually performs the OAuth authorization and how the initial refresh token is obtained.
- Inspect the scripts locally (they are short). If you still want to use them, run them under a restricted, non-privileged account and prefer your platform's secret storage over letting the script write credentials into your home directory.
- The pyvenv.cfg file reveals a user/build path. That is not harmful by itself, but it indicates leftover build artifacts; ask the publisher for a clean release and for source provenance (who maintains this skill?).

Unless you get clear answers from the skill author and the README is corrected to align with the code, treat this skill as suspicious and avoid granting it real Google credentials.
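The first three checks above (env vars the scripts read versus those the README documents, the non-existent `-m` module, and the write into the home directory) can be mechanized before anything is run. The script below is an added illustration, not ClawHub's scanner and not the skill's own code. The `SAMPLE_SKILL_MD` and `SAMPLE_SCRIPTS` values are constructed stand-ins that reproduce the mismatches the verdict describes; they are not the bundle's actual files. It uses only the standard library (`ast.unparse` needs Python 3.9 or later).

```python
"""Static audit of a skill bundle: README-vs-code env var mismatches, undeclared
`python -m` modules, and credential writes into the home directory.
Added illustration; the sample SKILL.md and scripts below are constructed."""
import ast
import json
import re
from typing import Dict, List, Set

# Upper-case names with at least one underscore (CLIENT_ID, REFRESH_TOKEN, ...);
# plain words such as README or API are deliberately not treated as env vars.
ENV_NAME = re.compile(r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b")
MODULE_RUN = re.compile(r"python3?\s+-m\s+(\w+(?:\.\w+)*)")


def _is_os_attr(node: ast.AST, attr: str) -> bool:
    """True for the expression `os.<attr>`."""
    return (isinstance(node, ast.Attribute) and node.attr == attr
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def env_reads(source: str) -> Set[str]:
    """Names read via os.environ["X"], os.environ.get("X") or os.getenv("X")."""
    names: Set[str] = set()
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Subscript) and _is_os_attr(node.value, "environ")
                and isinstance(node.slice, ast.Constant)):
            names.add(str(node.slice.value))
        elif isinstance(node, ast.Call) and node.args and isinstance(node.args[0], ast.Constant):
            f = node.func
            if _is_os_attr(f, "getenv") or (isinstance(f, ast.Attribute) and f.attr == "get"
                                             and _is_os_attr(f.value, "environ")):
                names.add(str(node.args[0].value))
    return names


def home_writes(source: str) -> List[str]:
    """Targets of open(..., 'w'/'a'/'x') or <path>.write_text() that point into the
    home directory (expanduser, Path.home or a literal '~').  Module-level
    `name = expr` assignments are resolved one level, so open(path, "w") is caught."""
    tree = ast.parse(source)
    assigned = {t.id: ast.unparse(n.value) for n in ast.walk(tree)
                if isinstance(n, ast.Assign) for t in n.targets if isinstance(t, ast.Name)}
    hits: List[str] = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Name) and f.id == "open" and node.args:
            mode = node.args[1] if len(node.args) > 1 else next(
                (k.value for k in node.keywords if k.arg == "mode"), None)
            if not (isinstance(mode, ast.Constant) and str(mode.value)[:1] in ("w", "a", "x")):
                continue  # read-only open() is not a persistence side effect
            target = ast.unparse(node.args[0])
        elif isinstance(f, ast.Attribute) and f.attr == "write_text":
            target = ast.unparse(f.value)
        else:
            continue
        target = assigned.get(target, target)
        if any(marker in target for marker in ("expanduser", "Path.home", "~")):
            hits.append(target)
    return hits


def audit(skill_md: str, scripts: Dict[str, str]) -> Dict[str, object]:
    """Cross-check the README against the shipped scripts."""
    declared = set(ENV_NAME.findall(skill_md))
    read: Set[str] = set()
    writes: Dict[str, List[str]] = {}
    for path, src in scripts.items():
        read |= env_reads(src)
        if (w := home_writes(src)):
            writes[path] = w
    missing = [m for m in MODULE_RUN.findall(skill_md)
               if not any(p.endswith(m.replace(".", "/") + ".py") for p in scripts)]
    return {"read_but_undocumented": sorted(read - declared),
            "documented_but_unread": sorted(declared - read),
            "missing_modules": missing,
            "home_writes": writes}


# Constructed stand-ins mirroring the verdict; not the bundle's real files.
SAMPLE_SKILL_MD = """\
# Google Calendar (constructed SKILL.md)
Store credentials with `openclaw secret set CLIENT_ID`, `CLIENT_SECRET`,
`REFRESH_TOKEN` and `GOOGLE_CALENDAR_ID`, then run python3 -m google_calendar.auth.
"""
SAMPLE_SCRIPTS = {
    "scripts/google_calendar.py": """\
import os, urllib.request
TOKEN = os.environ["GOOGLE_ACCESS_TOKEN"]
CALENDARS = os.environ.get("GOOGLE_CALENDAR_IDS", "primary").split(",")
""",
    "scripts/refresh_token.py": """\
import os
cid, secret, rt = os.getenv("CLIENT_ID"), os.getenv("CLIENT_SECRET"), os.getenv("REFRESH_TOKEN")
token = "ya29.constructed"  # the real script exchanges the refresh token here
path = os.path.expanduser("~/.config/google-calendar/secrets.env")
with open(path, "w") as fh:
    fh.write(f"export GOOGLE_ACCESS_TOKEN={token}\\n")
""",
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SKILL_MD, SAMPLE_SCRIPTS), indent=2))
```

On the constructed sample this reports GOOGLE_ACCESS_TOKEN and GOOGLE_CALENDAR_IDS as read but undocumented, GOOGLE_CALENDAR_ID as documented but never read, google_calendar.auth as a module the bundle does not ship, and the secrets.env write under the home directory. The one-level name resolution is a deliberate limit: a path built across several statements or passed through a function will be missed, so treat an empty `home_writes` as "nothing obvious", not as a clean bill.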

Review Dimensions

Purpose & Capability
Concern: The stated purpose (Google Calendar API access) matches the included code in general, but required credentials and runtime expectations differ between SKILL.md and the scripts. SKILL.md describes using CLIENT_ID/CLIENT_SECRET/REFRESH_TOKEN and storing secrets via openclaw, while the primary script (scripts/google_calendar.py) expects an environment variable GOOGLE_ACCESS_TOKEN (and optionally GOOGLE_CALENDAR_IDS). This mismatch means the declared setup doesn't actually meet the code's runtime requirements without extra steps.
Instruction Scope
Concern: SKILL.md's setup instructions reference a module invocation (python3 -m google_calendar.auth) and recommend installing google-auth libraries, but the repository provides scripts named refresh_token.py and google_calendar.py (no google_calendar.auth module), and the scripts use only the standard library (urllib). The README also tells users to store secrets via openclaw secret set, but the refresh_token script writes an access token into ~/.config/google-calendar/secrets.env, a different storage mechanism. These inconsistencies broaden the agent's runtime discretion and could lead to unexpected file writes.
Install Mechanism
Note: No install spec is provided (instruction-only), which is lower risk. The package includes two small Python scripts (no external downloads). There is an incidental pyvenv.cfg file pointing at a user/home path and an openclaw skills path (likely a leftover build artifact); technically harmless, but it leaks a build path and suggests the repository may contain local artifacts.
Credentials
Concern: SKILL.md asks for CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN, and GOOGLE_CALENDAR_ID (reasonable for OAuth flows). The runtime code, however, expects GOOGLE_ACCESS_TOKEN (and supports GOOGLE_CALENDAR_IDS). The refresh_token script does require client id/secret/refresh token and exchanges them for an access token, but it persists the access token to ~/.config/google-calendar/secrets.env rather than returning it or storing it where openclaw secrets would. Persisting access tokens to a file in a user's home directory is a disproportionate and unexpected persistence of secrets compared with SKILL.md's guidance to store secrets in openclaw.
Persistence & Privilege
Concern: The refresh_token.py script writes (and overwrites) ~/.config/google-calendar/secrets.env with an exported GOOGLE_ACCESS_TOKEN line. That creates on-disk persistence of a credential in the user's home directory and can be unexpected given the README's instruction to use openclaw secret storage. The skill does not request always: true and does not attempt to modify other skills, but the filesystem write is a persistent side effect worth noting.