Skill v0.1.5
ClawScan security
Caldav Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 7:56 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (a CLI wrapper for caldav-cli) matches the binaries, config path, and keychain usage described in the instructions; nothing requested appears disproportionate, though you should still review the npm package and consent flows before installing.
- Guidance: This skill appears coherent with its stated purpose, but take precautions before installing: 1) Verify the npm package and GitHub repo (typosquat or malicious packages are possible). 2) Inspect the caldav-cli code or its README if you can, and confirm the package author and recent release history. 3) Be mindful when providing OAuth client secrets or app-specific passwords — although the tool claims to store secrets in the OS keychain, review config.json after first run to confirm secrets are not written to disk. 4) If you allow autonomous agent invocation, remember the agent could run caldav-cli commands with any stored credentials and access your calendar data. If you are unsure, install and test the package locally in a controlled environment first or run the CLI manually instead of granting an agent automatic access.
Review Dimensions
- Purpose & Capability (ok): The skill is an instruction-only wrapper for the caldav-cli Node package. Requiring the caldav-cli binary and Node.js and using ~/.config/caldav-cli/config.json and the OS keychain are consistent with the described CalDAV calendar management and OAuth2/basic auth workflows.
- Instruction Scope (ok): SKILL.md contains only expected usage and installation instructions (npm install, account add/list/remove, events list/create). It instructs the user to provide credentials via an interactive wizard and to store secrets in the OS keychain; it does not instruct reading unrelated files or exfiltrating data.
- Install Mechanism (note): Installation is via npm (npm install -g caldav-cli) with an indicated GitHub source. npm installs are normal for Node CLIs but carry the usual supply-chain risk — review the package and its repo before installing. No obscure download URLs or archive extraction are used.
- Credentials (ok): No environment variables or unrelated credentials are requested. The skill legitimately needs user-supplied app-specific passwords or OAuth client credentials for providers; these are documented as being stored in the OS keychain rather than plaintext on disk.
- Persistence & Privilege (ok): The skill does not request always: true and does not modify other skills or system-wide agent settings. It persists only a config file (~/.config/caldav-cli/config.json) and stores secrets in the OS keychain, which is appropriate for a calendar client. Note: the agent is allowed to invoke the skill autonomously by default — expected behavior but be aware it could access calendars if credentials are present.
