appointment-scheduler
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: appointment-scheduler Version: 1.0.0 The skill bundle is primarily benign, implementing an appointment scheduler with calendar integration and reminder features. However, the `scripts/cancel-booking.js` file uses `child_process.execSync` to call another script (`waitlist.js`) with a `bookingId` argument. While `bookingId` is internally generated as a hex string, the use of `execSync` with a variable is a shell injection vulnerability pattern. If an attacker could manipulate the `bookingId` (e.g., via a prompt injection against the agent that then passes a malicious string), it could lead to arbitrary command execution. Additionally, `scripts/sync-google-calendar.js` accesses `~/.secrets/google-calendar-credentials.json` and `~/.secrets/google-calendar-token.json`, which are sensitive files, though this access is explicitly for the stated purpose of Google Calendar integration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a crafted booking ID reaches this path, canceling with waitlist notification could run unintended shell commands under the user’s account.
bookingId comes from command-line arguments and is inserted into a shell command string without validation or an argument array.
const output = execSync(`node "${scriptPath}" notify --booking-id ${bookingId}`, {Replace execSync shell strings with execFile/spawn using an argument array, or import waitlist logic directly; also validate booking IDs with a strict pattern such as hexadecimal-only.
A malformed date containing path traversal sequences could read or write JSON files outside the intended appointments directory, potentially corrupting workspace configuration or data.
The user-supplied date argument is used directly in a filesystem path; similar date-based path construction appears in booking/schedule scripts.
const filePath = path.join(DATA_DIR, `${date}.json`);Require dates to match YYYY-MM-DD, reject path separators and '..', and after resolving the path verify it remains inside the intended data directory.
Calendar sync can add customer appointment details to the user’s Google Calendar and the stored token may grant broad calendar access.
The Google Calendar integration uses local OAuth credential/token files and requests broad Calendar API access.
const CREDENTIALS_PATH = path.join(process.env.HOME, '.secrets', 'google-calendar-credentials.json'); ... scope: ['https://www.googleapis.com/auth/calendar']
Use a dedicated calendar if possible, protect the ~/.secrets token files, and consider a narrower Google Calendar scope if the implementation only needs event creation.
Customer names, phone numbers, emails, attendance history, and reminder status may remain in local workspace files across sessions.
The skill persistently stores customer appointments, contacts, no-show history, flagged-customer records, and reminder logs.
data/appointments/ ... bookings/ ... waitlist/ ... noshow/history.json ... flagged-customers.json ... reminders/sent.json
Treat the workspace data as sensitive, set retention/deletion practices, and avoid storing more customer details than the business needs.
If the user installs the cron entries, the skill’s reminder or sync scripts will keep running on a schedule until removed.
The documentation suggests user-configured cron jobs for recurring reminders and calendar sync.
0 9 * * * cd /Users/mupeng/.openclaw/workspace/skills/appointment-scheduler/scripts && node send-reminders.js --type day-before
Only add cron jobs intentionally, review what messages or calendar updates they trigger, and remove the cron entries when the skill is no longer used.
Installing npm packages is expected for these Node scripts, but it pulls third-party code into the local environment.
The skill is listed as having no install spec, but its setup guide asks the user to install npm dependencies; package.json and package-lock.json are present.
cd /Users/mupeng/.openclaw/workspace/skills/appointment-scheduler/scripts npm install
Run npm install only from the reviewed scripts directory, keep the lockfile, and review dependency updates before accepting them.