macOS Calendar
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the request is misunderstood, the agent could add an event, alarm, or recurrence to the wrong calendar or time.
The helper can create Calendar events through AppleScript. This is the stated purpose, but it is still a mutating local action.
tell calendar calName ... set newEvent to make new event with properties {summary:evtSummary, start date:startDate, end date:endDate, description:evtDescription}Review the calendar name, date/time, and recurrence details before allowing event creation, especially for recurring events.
Created events may be added to personal, work, iCloud, Google, or Exchange calendars already configured in Calendar.app.
The script operates through the local user's Calendar.app permissions and writes to whichever writable calendar is selected.
tell application "Calendar" ... if not (writable of calendar calName) then ... tell calendar calName
Choose the intended calendar explicitly and avoid granting Calendar automation access if you do not want the agent to modify local calendar accounts.
Sensitive appointment titles or calendar names could remain in the skill's local log after the event is created.
The skill persistently stores event summaries and calendar names in a local log file.
All actions are logged to `logs/calendar.log` with timestamp, command, calendar, and summary
Avoid putting highly sensitive details in event titles, and clear or protect the log file if local privacy matters.