What Should We Do?
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill’s activity-planning purpose is coherent, but it asks for calendar, messaging, contact-profile, and reminder powers without clear permission boundaries or confirmation safeguards.
Use this skill only if you are comfortable with it storing local preference/contact data and potentially using calendar or messaging tools. Before allowing calendar changes, invites, cancellations, RSVP updates, or cron reminders, make the agent show the exact details and ask for confirmation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misunderstood request could create or delete calendar events or send messages to contacts before the user has reviewed the details.
These are high-impact tool actions: changing a calendar and sending messages to other people. The visible artifact does not require the agent to confirm the exact event, recipients, message text, or cancellation impact before acting.
"put it on the calendar" | Add the accepted plan as a calendar event with reminders ... "send invites" ... Send invite messages to group members via their contact channels ... "cancel the plan" | Remove a planned event and notify attendees
Require explicit confirmation before calendar changes, attendee notifications, RSVP updates, or cancellations; show the event details, recipients, and message text first.
The agent may need access to sensitive account data or messaging authority without the user seeing a clear credential and permission contract up front.
The skill describes delegated access to Google Calendar and messaging channels, but the registry metadata does not declare credentials or scope boundaries for those accounts.
SKILL.md: "calendar integration (Google Calendar + cron reminders), group invites via Telegram/message channels"; metadata: "Primary credential: none" and "Required env vars: none"
Document which accounts, tokens, scopes, and tools are used; prefer least-privilege calendar and messaging permissions and avoid using browser/session credentials implicitly.
Anyone or anything with access to the workspace may be able to read personal preferences, social contacts, and activity history.
The skill intentionally persists personalization data, including group member contact details, dietary/alcohol preferences, favorites, blacklists, and history. This is purpose-aligned but sensitive.
All user data lives in `<workspace>/data/whatdo/` ... `preferences.json` | Learned preferences, streaming services, game library, groups, favorites, blacklists, routines, and all personalization data
Review what is stored, avoid adding sensitive contacts unless needed, and periodically delete or prune `data/whatdo/preferences.json` and `history.json`.
Reminder jobs could keep running until removed, depending on how the agent implements them.
Cron reminders imply scheduled behavior that may persist after the immediate planning task. The visible artifact does not define lifecycle, cleanup, or limits, though reminders are related to the skill’s purpose.
calendar integration (Google Calendar + cron reminders)
Only allow cron or scheduled reminders after explicit approval, and keep a visible list of created jobs with an easy removal command.
