Google Calendar (via gogcli)
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read sensitive calendar details across calendars and can create, update, delete, or RSVP to events if the user confirms.
The skill can use the configured Google Calendar account broadly across calendars and can mutate events, although the write workflow requires explicit confirmation.
MUST query all calendars: `gog calendar events --all ...`; ... `Writes (create/update/delete/RSVP)` ... ask for explicit “yes”
Make sure gogcli is authenticated to the intended Google account, review any requested calendar permissions, and only approve writes after checking the summarized details.
Installing gogcli gives the local environment a third-party tool that will be used to access Google Calendar.
The skill points users to install an external CLI via a Homebrew tap. This is central to the skill's purpose, but users should still verify the package source.
"install":[{"id":"brew","kind":"brew","formula":"steipete/tap/gogcli","bins":["gog"]}]Install gogcli only from a trusted source, review the upstream project if needed, and keep it updated.
Calendar answers could leave out events if the stored exclusion preference is wrong or outdated.
Persistent preferences or memory can affect which calendars are filtered from results, so stale or incorrect memory could omit relevant events.
First, check the user’s preferences/memory for an explicit “exclude calendars” list.
Ask the agent to state which calendars were filtered, and update or clear calendar-exclusion preferences if results look incomplete.