ClawHub

Ical Calendar

v1.0.0

Query `.ics` calendar files, raw iCal strings, or remote iCal feeds with the local `icali` CLI. Use when a user asks for natural-language calendar lookups su...

0· 64·0 current·0 all-time
by@docmarionum1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say the skill queries .ics/iCal data and the only required runtime artifact is the icali binary. There are no unrelated environment variables, packages, or config paths requested — the declared requirement (icali) is exactly what you would expect.
Instruction Scope
SKILL.md gives explicit CLI invocations and post-processing guidance and stays focused on calendar queries. It does recommend looking for a source in the workspace or prior context; this is appropriate for a file-based calendar skill but means the agent may read local .ics files if present (which is expected behavior). The instructions do not request other system secrets or unrelated files.
Install Mechanism
This is instruction-only with no install spec, so nothing is downloaded or written to disk by the skill itself. Risk is low but the environment must already provide the icali binary.
Credentials
No environment variables, credentials, or config paths are requested. That matches the skill's simple CLI-based purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence. It does not modify other skills or system-wide settings in its instructions.
Assessment
This skill appears to do what it claims, but check these before installing: 1) Ensure the agent environment actually has the icali binary you trust (the skill expects a local CLI). 2) Be aware the agent may read any .ics files present in the workspace or follow a user-supplied calendar URL — avoid placing sensitive calendar files in the workspace unless you want them queried. 3) If providing remote feed URLs, avoid exposing URLs that embed credentials or point to private endpoints you don't want the agent to fetch. 4) The skill itself doesn't exfiltrate data, but any responses it generates will contain calendar contents — consider whether that output may be displayed or transmitted elsewhere by the agent.

Like a lobster shell, security has layers — review code before you run it.

latestvk9753a4qyf1erqasb4wgtpjdrs84mxas

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsicali

Comments