Calendar Reminder 日历提醒
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: calendar-reminder
Version: 1.0.0
The skill is classified as suspicious due to significant prompt injection vulnerabilities. The `SKILL.md` file registers a cron job using `--system-event` with a direct command string, which, while intended to execute the skill's own script, demonstrates a potential prompt injection vector against the OpenClaw agent. More critically, the `calendar_reminder.py` script constructs messages for `openclaw cron add --message` and `openclaw message send -m` using unsanitized calendar event subjects (`ev['subject']`). This allows an attacker who can control calendar event subjects to potentially inject arbitrary commands or instructions into the OpenClaw agent, leading to unauthorized actions. There is no clear evidence of intentional malicious behavior such as data exfiltration or unauthorized persistence.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Outlook calendar details could be sent to someone else's Feishu account if you run the skill before changing the hardcoded open_id.
The script sends generated reminder or summary text to a fixed Feishu user ID. That text is built from Outlook calendar events, including event subjects and times, so a missed configuration step could send private calendar details to an unintended recipient.
"openclaw", "message", "send", "--channel", "feishu", "--target", "user:ou_159cbb6a3791ff5a98f3a2a4b38e7d4c", "-m", text
Before running or scheduling the skill, replace the hardcoded Feishu target with your own verified open_id or change the script to require the recipient from user configuration instead of source code.
The skill will keep scanning your calendar nightly until the cron job is removed or disabled.
The documented setup creates a persistent nightly scheduled task that runs the Python script automatically. This matches the reminder purpose, but it is background automation that continues after installation.
openclaw cron add --name "calendar-daily-scan" --cron "0 22 * * *" --tz "Asia/Shanghai" --session main --system-event "CALENDAR_SCAN: 请立即运行 python3 ~/.openclaw/workspace/skills/calendar-reminder/calendar_reminder.py 并等待完成"
Only add the cron job if you want ongoing automation, and keep the cron name so you can remove it later if needed.
Calendar access depends on another local skill/helper, so this review cannot confirm how Outlook credentials or calendar data are handled there.
The skill executes an external owa-outlook helper that is not included in this artifact set. The dependency is disclosed and purpose-aligned, but its code and provenance are outside this review.
SKILL_DIR = Path.home() / ".agents/skills/owa-outlook"
subprocess.run(["python3", str(SKILL_DIR / "owa_calendar.py"), "--tomorrow", "--json"],
Install owa-outlook only from a trusted source and review its calendar/credential handling before enabling this reminder skill.
Event titles may remain in local OpenClaw cron/reminder state and then be sent through Feishu.
Calendar event subjects and times are stored into scheduled reminder messages until those reminders run. This is expected for reminders, but it means private calendar text is persisted in the scheduling system.
msg = f"📅 提醒(2小时后):{ev['_start_sh']} {ev['subject']}"
add_once_cron(remind_dt, msg)
Avoid using this skill for highly sensitive calendars unless you are comfortable with event titles being stored in reminder jobs and delivered over Feishu.
