ClawHub

Limehouse Calendar

v1.0.1

Read and write calendar events with granular per-calendar permissions. Users control which calendars an agent can access and whether it can read, create, upd...

0· 113·1 current·1 all-time
byMadeleine Nakada@madeleinenakada
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared requirements: a single calendar API key (CAL_API_KEY) and curl are reasonable and expected for an HTTP-based calendar integration.
Instruction Scope
SKILL.md instructs the agent to call endpoints on cal.limehouse.io (setup flow, agent info, list/create/update/delete events). It does not instruct reading unrelated local files, scanning system state, or exfiltrating data to other domains. The setup flow requires creating and polling a session and storing the returned agent_token (the doc does not specify storage semantics).
Install Mechanism
No install spec or code files are included (instruction-only). Nothing is written to disk by an installer, minimizing supply-chain risk.
Credentials
Only one environment variable (CAL_API_KEY) is required and declared as the primary credential. That is proportionate for a calendar API client; no unrelated secrets or config paths are requested.
Persistence & Privilege
always is false (not force-included). disable-model-invocation is false (the agent may call the skill autonomously), which is normal for skills; given the narrow credential scope this is acceptable but users should be aware the agent can act using the provided API key.
Assessment
This skill appears coherent, but before installing: (1) Confirm the domain cal.limehouse.io is legitimate for your environment. (2) Use a least-privilege API key: create a key scoped only to the calendars and permissions the agent actually needs (read-only if appropriate). (3) Be aware the agent will use the CAL_API_KEY to read and modify events; revoke or rotate the key if you suspect misuse. (4) The setup flow returns an agent_token that the instructions say to store—confirm where/how the agent will persist that token and ensure it is stored securely. (5) If you do not want the agent to act autonomously, restrict when and how the agent can access the API key or disable autonomous invocation at the agent/platform level.

Like a lobster shell, security has layers — review code before you run it.

latestvk971v173h0w4rxyyczve2yyewn837f4h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl
EnvCAL_API_KEY
Primary envCAL_API_KEY

Comments