Clawlendar
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: clawlendar Version: 0.3.1 The clawlendar skill is a comprehensive calendar interoperability utility designed for AI agents to convert between various systems (Gregorian, Lunar, Islamic, etc.) and normalize timelines. The SKILL.md and _meta.json files describe legitimate functionality for MCP servers, CLI tools, and HTTP APIs, with no evidence of malicious intent, data exfiltration, or prompt-injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package will trust external Python code and dependencies beyond the reviewed skill text.
The setup directs users to install the latest external Python package with all optional extras, while the provided artifact set contains only SKILL.md and no reviewed package code.
python3 -m pip install -U "clawlendar[all]"
Install only from the expected package/source, consider pinning a known version, and review the package repository or dependency list before using it in sensitive environments.
Using the skill as documented may start local processes or a server on the user's machine.
The documentation asks users to run installed package commands, a script, and optionally a Dockerized API server. This is expected for the advertised MCP/HTTP calendar service, but it is still local code execution.
clawlendar ... ./scripts/run_api.sh ... docker run --rm -p 8000:8000 clawlendar:mvp
Run these commands only when you intend to start the calendar service, stop the server when finished, and avoid running it with elevated privileges.
If the HTTP API is exposed broadly, other local or network clients may be able to call the calendar conversion endpoints.
The skill supports MCP and HTTP integration for other tools/agents, but the artifact does not describe authentication or network access controls for the API.
Run HTTP API for multi-claw integration: ... FastAPI endpoints: `GET /capabilities`, `POST /convert`, `POST /timeline`, `POST /astro`, `POST /calendar-month`, `POST /day-profile`
Expose the API only to trusted clients or localhost unless you have added appropriate access controls.