Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Appointment Manager
v1.0.0
Books, tracks, and reminds you of appointments through online booking or phone-call scripts, managing the full appointment lifecycle and reminders.
by Nico Lumma (@rednix)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The described purpose (booking, tracking, reminding) reasonably requires web/browser automation, access to a calendar, and a delivery channel for reminders. The SKILL.md explicitly states it requires 'lobstrkit with Exine browser' and calendar/channel configuration, but the registry metadata lists no required binaries, no required env vars, and no required config paths — that mismatch is concerning. The skill also references a homepage URL in SKILL.md although the registry lists none.
Instruction Scope
Runtime instructions tell the agent to read and write local skill files (appointments.md, providers.md, config.md), read USER.md, use web_search/web_fetch and a browser to navigate booking systems, fill forms (including personal data like name and DOB), and register cron jobs whose payloads read appointments.md and announce messages to channels. Those actions go beyond a simple search-and-suggest skill and include persistent file creation and scheduled autonomous actions; yet the metadata does not declare the config/permissions needed to do those things.
Install Mechanism
This is an instruction-only skill with no install spec and no files other than SKILL.md. There is nothing being downloaded or written during install by a package manager, which minimizes install-time risk. The runtime behavior (writing files, scheduling jobs) is described in SKILL.md and is the main surface to assess.
Credentials
The instructions rely on external integrations (Google Calendar sync, delivery 'channels' and targets) and on reading USER.md and storing potentially sensitive appointment details (addresses, DOBs, confirmation numbers). However, the skill declares no required credentials or config entries for calendar or messaging channels. Asking for or using calendar and channel credentials without declaring them is disproportionate and opaque.
Persistence & Privilege
The skill does not set always:true (so it won't be force-included), but SKILL.md instructs the agent to register persistent cron jobs that will run later and perform autonomous actions (reading appointments.md and delivering reminders). Autonomous scheduled actions are expected for a reminder skill, but combined with the metadata omissions and unclear channel/calendar authorization, this persistence increases the potential blast radius if misconfigured or abused.
What to consider before installing
Do not install yet. Ask the publisher for clarification and updated metadata: 1) confirm the required runtime tools (lobstrkit/Exine browser) and update required binaries/tools; 2) declare exactly what credentials/config are needed (Google Calendar OAuth, messaging channel IDs/targets) and how those are stored/secured; 3) explain where appointment and user data (appointments.md, USER.md) are stored and who can access them; 4) confirm the homepage/source and whether the skill will autonomously register scheduled jobs and what those jobs can do. If you proceed, restrict channel/calendar access to minimum scopes, review the created files for sensitive data, and verify scheduled jobs (IDs, payloads, delivery targets) before enabling them.
Like a lobster shell, security has layers — review code before you run it.
