Calendar Manager

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: calendar-manager
Version: 1.1.0

The skill is designed for calendar management and uses legitimate CLI tools (gcalcli, icalBuddy, gog). However, the `references/resources.md` file includes detailed instructions and examples for creating cron jobs and Windows scheduled tasks. While presented as informational, this provides the AI agent with the knowledge to establish system-level persistence. This capability, if exploited via prompt injection, could lead to unauthorized backdoor creation, making the skill suspicious due to the inherent risk, despite lacking explicit malicious intent within the skill's instructions.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

If invoked with available calendar tools, the agent could add, change, or delete personal or work calendar entries.

Why it was flagged

The skill authorizes create/modify/delete actions on calendar data, but the artifact does not define confirmation requirements, scoped targets, or rollback guidance for high-impact calendar mutations.

Skill content
Gives the AI calendar management capabilities:
- Read calendar events
- Create/modify/delete events
- Set reminders
Recommendation

Require explicit user confirmation before every create, modify, or delete action, including the calendar name, event title, time, attendees, reminders, and any deletion impact.

What this means

Email contents or meeting invitations could be used to change calendar data or send emails without a clear review step.

Why it was flagged

The skill proposes coordination with an email-reading skill, automatic event creation from email content, and sending reminder emails, but does not define permission boundaries, data minimization, or user approval for this cross-skill flow.

Skill content
Can work together with email-reader:
- Read meeting invitations from emails
- Automatically create calendar events
- Send meeting reminder emails
Recommendation

Treat email-to-calendar automation as opt-in only, show the extracted invitation details to the user, and require approval before creating events or sending any email.

What this means

Connecting a calendar account may allow the agent, through the CLI, to read or modify sensitive schedule information.

Why it was flagged

OAuth or client credentials are expected for Google Calendar access, but the registry metadata declares no required credentials or capability tags, so users need to notice and approve this account access themselves.

Skill content
# OAuth login
gcalcli --oauth2

# Or use credentials
gcalcli --client-id ID --client-secret SECRET ...
Recommendation

Use trusted calendar tools, prefer least-privilege OAuth scopes where available, and avoid sharing client secrets or tokens outside the intended CLI.

What this means

The safety of the calendar CLI depends on the external package source and the version the user installs.

Why it was flagged

The reference material points users to external package-manager installs. This is purpose-aligned and user-directed, but those packages are outside the reviewed instruction-only skill bundle.

Skill content
brew install gcalcli

# Python
pip install gcalcli
Recommendation

Install calendar tools only from trusted sources, verify package names, and keep them updated.

Note (Medium Confidence)
ASI10: Rogue Agents
What this means

If a user or agent sets up a scheduled task, it could continue running reminders or scripts after the initial interaction.

Why it was flagged

The reference docs include scheduled-task examples. Scheduled reminders fit the calendar purpose, but persistent jobs should be explicitly enabled, visible, and removable.

Skill content
$action = New-ScheduledTaskAction -Execute "python.exe" -Argument "script.py"
$trigger = New-ScheduledTaskTrigger -Daily -At "8:00AM"
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "DailyTask"
Recommendation

Only create scheduled reminders with explicit user consent, name them clearly, and document how to disable or remove them.