Back to skill
Skillv0.1.0
VirusTotal security
Google Calendar · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:11 AM
- Hash
- 8a3e0b3872ca00ffe8cb53e89ea6cfde3c2a0cc0f82665753b9e663fc6a8567f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: google-calendar Version: 0.1.0 The skill is classified as suspicious due to a significant discrepancy between its documentation and implementation. The `scripts/refresh_token.py` script writes the obtained `GOOGLE_ACCESS_TOKEN` to a local file (`~/.config/google-calendar/secrets.env`), which is a risky capability (file system write) and is not explicitly mentioned or explained in the `SKILL.md` documentation. Furthermore, the `SKILL.md` describes a different method for obtaining the initial refresh token and a different implementation approach (using the official Google API client library) than what is actually provided in the Python scripts, leading to a lack of transparency and potential operational confusion.
- External report
- View on VirusTotal