ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

temporal-cortex-scheduling

v0.9.1

List events, find free slots, and book meetings across Google Calendar, Outlook, and CalDAV. Multi-calendar availability merging, recurring event expansion,...

1· 717·1 current·1 all-time
byBilly Lui@billylui
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description, required binary (npx), and the two config paths (~/.config/temporal-cortex/credentials.json and config.json) are coherent with a calendar integration that stores OAuth tokens locally. However registry metadata lists Source: unknown / Homepage: none while SKILL.md claims a homepage and GitHub repository — that provenance mismatch is unexpected and should be verified.
Instruction Scope
SKILL.md instructions focus on installing/running a local MCP server which reads/writes only ~/.config/temporal-cortex/, authenticates to Google/Outlook/CalDAV, and performs network calls only to calendar providers or (in Platform Mode) api.temporal-cortex.com. This is in-scope for scheduling, but Platform Mode tools (resolve_identity, query_public_availability, request_booking) call external Temporal Cortex endpoints and Open Scheduling endpoints are described as unauthenticated public APIs — understand what data (availability metadata, booking requests) will be sent to that service before enabling Platform Mode.
!
Install Mechanism
The install is an npm package (@temporal-cortex/cortex-mcp) whose postinstall downloads a platform-specific compiled binary from the project's GitHub Releases. While SKILL.md says the postinstall verifies SHA256 and suggests independent checksum verification and Docker containment, this is a supply-chain risk: a remote binary is being written and executed on your machine and there are no local source code files in the skill bundle to audit. Verify the npm package page, the GitHub release, and checksums before installing; prefer the Docker containment option if you cannot fully verify the binary.
Credentials
The skill declares no required environment variables (reasonable). SKILL.md documents optional env vars for custom OAuth and platform-mode settings (GOOGLE_CLIENT_ID/SECRET, MICROSOFT_CLIENT_ID/SECRET, API_BASE_URL, REDIS_URLS, LOCK_TTL_SECS). These are plausible for the described features. The notable sensitive artifact is the local credentials file (~/.config/temporal-cortex/credentials.json) which will contain OAuth tokens — expected for calendar integrations but worth protecting and verifying that tokens are not exfiltrated in Local Mode.
Persistence & Privilege
The skill does not request 'always: true' and does not declare modification of other skills or system-wide agent settings. It does install a helper binary (cortex-mcp) and stores credentials in its own config directory; that is expected for a local calendar agent. Still verify the binary and its claimed filesystem/network restrictions before granting long-term presence.
What to consider before installing
Things to check before installing or running this skill: 1) Verify provenance: confirm the npm package page (@temporal-cortex/cortex-mcp) and the GitHub repo/releases SKILL.md references actually exist and match the package version. The registry metadata showed Source: unknown and Homepage: none while SKILL.md lists URLs — resolve that discrepancy first. 2) Verify the binary: follow the SKILL.md verification steps (npm pack --dry-run, fetch SHA256SUMS.txt from the GitHub release, and shasum -a 256 against the installed binary). If you cannot independently verify the release, prefer the Docker containment workflow so the binary writes only to a mounted config directory. 3) Protect credentials: the skill stores OAuth tokens at ~/.config/temporal-cortex/credentials.json. Treat that file as sensitive. Inspect its contents and back it up appropriately. Ensure your OAuth app/client secrets (if you provide them) are for a dedicated app and not reuse high-privilege credentials. 4) Understand Platform Mode and Open Scheduling: Platform Mode will call api.temporal-cortex.com for cross-user discovery/booking. Open Scheduling exposes unauthenticated public endpoints for a user's Temporal Link — using those features can publish availability and allow bookings without OAuth. If you do not want data shared with Temporal Cortex servers or public availability, keep the skill in Local Mode and do not enable Open Scheduling. 5) If you need higher assurance: review the project's source repository and CI build artifacts (reproducible build claims), or run the MCP server inside a container with the config directory mounted. If you cannot validate the binary and provenance, treat installation as higher-risk. What would change this assessment: if the registry metadata were corrected to link to a verifiable npm package and GitHub release whose checksums and reproducible build logs match the distributed binary (and you can audit the source), this would move the assessment toward benign. Conversely, if the package registry or claimed releases cannot be found or checksums don't match, consider it unsafe.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a06vzhtjm94jg50se6jydas82n82j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnpx
Config~/.config/temporal-cortex/credentials.json, ~/.config/temporal-cortex/config.json

Install

Node
Bins: cortex-mcp
npm i -g @temporal-cortex/cortex-mcp@0.9.1

Comments