Skill v1.2.41

ClawScan security

Proactive Claw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 2:42 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The package appears internally consistent with its stated purpose (a local-first proactive calendar assistant); requested files and runtime behavior align with that goal and no surprising external endpoints or hidden installers are present.
Guidance
This skill appears to do what it says: a local-first proactive calendar assistant that reads your calendars and writes to a dedicated Actions calendar. Before installing, review these items:

1) credentials.json is required and contains your OAuth client secret; only provide a client you control and understand. token.json will store OAuth tokens locally; revoke them via your Google account if you stop using the skill.
2) The OAuth scope is full calendar access. The code claims to write only to an Actions calendar, but that restriction is enforced in code rather than by the OAuth scope, so only use trusted copies of the skill.
3) setup.sh requires you to install Python packages manually from requirements-*.txt; consider installing into a virtualenv and prefer hash-locked dependencies.
4) Try the dry-run commands first (scripts/setup.sh --doctor, python3 scripts/action_planner.py --plan --dry-run, python3 scripts/action_executor.py --execute --dry-run, python3 scripts/quickstart.sh) to inspect planned actions before enabling the daemon.
5) If you care about maximum isolation, run the skill in a separate user account or VM, and audit the config.json defaults (max_autonomy_level defaults to confirm).

If you want additional assurance, request the full contents of the omitted files for manual review or run the audit commands listed in SECURITY.md.

Review Dimensions

Purpose & Capability
ok
Name/description (proactive calendar assistant) match the code and runtime requirements: python3, a local config.json, and credentials.json for Google OAuth. The codebase implements calendar scanning, planning, and local notification/execution logic consistent with the stated purpose.
Instruction Scope
note
SKILL.md instructs running scripts/setup.sh, quickstart.sh and local python scripts (daemon, planner, executor). The runtime flow legitimately reads/writes files under ~/.openclaw/workspace/skills/proactive-claw, runs a local daemon, and performs OAuth calls to Google and optional Nextcloud CalDAV only when configured. Note: write access to a dedicated 'Actions' calendar is implemented in code (and the OAuth scope is full calendar access); the claim that writes target only the Actions calendar is a code-level enforcement, not an OAuth-scope restriction.
Install Mechanism
note
This is instruction-only (no automated install spec). setup.sh prints manual install commands and requires the user to run pip installs using the provided requirements files. The requirements files are standard but do not include hash-locked packages (supply-chain risk if you blindly pip install). No downloads from unknown URLs or extract/install steps in the published core bundle were observed.
Credentials
note
No environment variables are requested. The skill requires credentials.json (Google OAuth client_id/secret) and writes token.json; this is proportionate for Google Calendar integration but is sensitive: credentials.json and token.json contain secrets and should be managed carefully. No unrelated credentials or system-wide secrets are requested.
Persistence & Privilege
ok
The skill does not request always:true and defaults to interactive/confirm autonomy. Persistent state is confined to the skill workspace (~/.openclaw/workspace/skills/proactive-claw) and local SQLite files; no system services, sudo, or cross-skill configuration writes were observed.