Gcalcli
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: A changed or compromised fork could run code on the user's machine and access calendar data or cached Google credentials used by gcalcli.
Detail: The main workflow runs a custom GitHub fork from a branch rather than a pinned, reviewed release or commit. That remote code would execute locally and interact with the user's Google Calendar OAuth session.
Evidence: IMPORTANT: Always use the custom fork with attachment support: uvx --from "git+https://github.com/shanemcd/gcalcli@attachments-in-tsv-and-json" ... gcalcli
Recommendation: Use an official or audited gcalcli release where possible, pin any fork to a reviewed commit hash, and disclose the dependency in the install metadata.

Risk: The agent may attempt to read a specific person's or organization's calendar data rather than only the installing user's intended calendar.
Detail: The skill uses persistent Google OAuth credentials and repeatedly scopes commands to a specific work-calendar address with full event details, without telling users to replace that address or to confirm access boundaries.
Evidence: Cache credentials for future use ... Request calendar read permissions ... gcalcli agenda --calendar smcdonal@redhat.com --details all --json
Recommendation: Require the user to choose the calendar ID at runtime, avoid hardcoded personal/work calendars, and document the exact OAuth scope and credential storage path.

Risk: Private meeting notes, recordings, chat transcripts, or shared document links could be pulled into the agent's working context or saved locally more broadly than the user intended.
Detail: The skill is designed to retrieve and export sensitive meeting-derived context, including AI notes, recordings, chats, and Drive links, with a bulk-export workflow and no clear retention or reuse limits.
Evidence: Common attachment types: "Notes by Gemini", "Recording", "Chat" ... Direct link to Google Drive file or Google Doc ... Bulk export ALL Gemini notes from search results
Recommendation: Ask for explicit confirmation before exporting attachments or notes, limit searches to user-specified events/date ranges, and explain where exported files are stored and how they should be handled.

Risk: The agent could execute local project code that was not reviewed as part of the skill and write sensitive meeting exports to the user's Downloads folder.
Detail: The skill tells the agent to run an undeclared local helper project from a hardcoded user path to export meeting notes, even though the registry has no install spec or reviewed code for that helper.
Evidence:
cd /var/home/shanemcd/github/shanemcd/gcmd
uv run gcmd export "$GEMINI_URL" -o ~/Downloads/
Recommendation: Declare and review any helper tools, avoid hardcoded personal paths, and require user confirmation before running local project code or writing exported files.
