Meetup Planner
PassAudited by ClawScan on May 1, 2026.
Overview
Meetup Planner appears purpose-aligned, but users should notice that it can store event preferences locally, use external search/scraping tools, and optionally set up recurring background searches.
This skill does not show malicious behavior in the provided artifacts. Before installing, decide whether you are comfortable with it storing your event preferences locally, using your chosen search/scraping tools, and optionally creating a recurring scheduled task for daily event searches.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use whatever compatible search or scraping tools are installed, so those tools could determine what sites are contacted and what credentials or limits apply.
The skill is designed to discover and use other search/scraping tools, which is purpose-aligned but means behavior depends on the permissions and trustworthiness of those external tools.
"This skill requires web search and scraping capabilities. You must provide your own search and scraping tools/skills. The skill will detect what you have available during setup."
Use only trusted search/scraping tools with this skill and review what permissions those tools have.
Provider API keys or login credentials used by separate search/scraping tools may be involved when the skill searches for events.
The skill does not declare its own primary credential, but it may rely on credentials configured in user-selected search or crawling tools.
"Any authentication credentials required by the search/crawling tools you use"
Confirm that any connected search or scraping tools use appropriately scoped credentials and that you trust those tools before enabling automation.
Your interests, location, schedule preferences, discovered events, and reminders may remain on disk and be reused by future invocations.
The skill stores personal event preferences, location, and schedule information in persistent local configuration.
"preferences": { "eventTypes": ["tech meetups", "workshops"], "topics": ["AI/ML", "web development"], "location": "San Francisco", "formatPreference": "in-person", "schedule": "weekday evenings" }Avoid entering overly sensitive preferences, and review or delete the files under the meetup-planner workspace if you no longer want that information retained.
If enabled, the skill may keep running scheduled event searches and reminders after initial setup.
The skill can establish recurring background behavior, but the artifact presents it as optional and user-confirmed.
"Would you like me to automatically search for new events every day?" ... "Set up a cron job (or equivalent scheduled task) to run the daily search"
Enable daily automation only if you want it, and periodically check or remove the related cron/scheduled task if you stop using the skill.
An installer or registry view may not fully summarize the permissions described inside the package files.
The package declares filesystem, network, and cron permissions even though the registry-derived capability signals show no capability tags; this is an under-declared metadata signal rather than hidden behavior.
"permissions": { "filesystem": { "read": ["~/.openclaw/workspace/meetup-planner/"], "write": ["~/.openclaw/workspace/meetup-planner/"] }, "network": { "domains": ["eventbrite.com", "meetup.com", "luma.co"] }, "cron": true }Review the embedded package permissions and README/SKILL instructions rather than relying only on registry capability tags.