gcal-pro - Google Calendar
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: gcal-pro Version: 1.0.0 The OpenClaw AgentSkills skill bundle 'gcal-pro' appears benign. It provides legitimate Google Calendar integration, handling OAuth credentials and tokens securely by storing them locally with appropriate file permissions (`0o600`). The `SKILL.md` instructions are clear, align with the stated purpose, and include explicit confirmation requirements for destructive actions, showing no intent for prompt injection or subversion of the agent. All network communication is directed to Google's official APIs, and there is no evidence of data exfiltration, malicious execution, or persistence mechanisms beyond the intended 'morning brief' cron job.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized, the skill can read calendar data and, on Pro, create or change calendar events through the user's Google account.
The skill stores a local OAuth token and, for Pro users, requests Google Calendar event read/write authority. This is expected for a calendar integration but grants meaningful account access.
TOKEN_FILE = CONFIG_DIR / "token.json"
SCOPES_PRO = [
"https://www.googleapis.com/auth/calendar.readonly",
"https://www.googleapis.com/auth/calendar.events"
]Only authorize the Google scopes you are comfortable granting, keep token.json private, and revoke access from Google Account permissions or the skill's revoke command if you stop using it.
A mistaken approval or wrong event ID could create, reschedule, or delete real calendar entries.
The skill exposes event mutation and deletion workflows, including a confirmation-bypass flag after approval. The instructions require user confirmation, making this purpose-aligned but sensitive.
Before deleting or significantly modifying an event, ALWAYS confirm with the user: 1. Show event details 2. Ask "Should I delete/reschedule this?" 3. Only proceed with `confirmed=True` or `-y` flag after user confirms
Require the assistant to show the exact event title, time, and ID before approving edits or deletes.
Calendar details could be delivered to Telegram, WhatsApp, or another channel if the user configures that integration.
The optional morning brief can send calendar-derived information through a messaging channel. This is disclosed, but the privacy boundary depends on the user's messaging setup.
**Cron setup example:** - Schedule: 8:00 AM daily - Action: Run `python scripts/gcal_core.py brief` - Delivery: Send output to user's messaging channel
Enable morning briefs only for trusted delivery channels and avoid sending sensitive calendar details to shared chats.
If enabled, the skill may continue reading calendar data and producing briefs on a daily schedule.
The skill supports recurring scheduled execution for daily agenda generation. This is a disclosed feature, not hidden persistence.
### Morning Brief (Pro + Cron) Set up via Clawdbot cron to send daily agenda
Only configure the cron job if you want recurring briefs, and remove the scheduled job when it is no longer needed.
Future dependency versions could differ from what the author tested.
The Python dependencies use lower-bound version constraints rather than exact pins. These packages are expected for Google Calendar access, but installation will pull current compatible versions from the package source.
google-auth>=2.23.0 google-auth-oauthlib>=1.1.0 google-api-python-client>=2.100.0
Install from a trusted Python package index and consider pinning dependency versions in your own environment if reproducibility matters.