ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Calctl

v1.2.9

Command-line tool for macOS Sonoma that manages Apple Calendar events using EventKit with create, list, edit, and delete capabilities.

1· 96·0 current·0 all-time
byChristian Teo@christianteohx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (macOS Calendar CLI using EventKit) matches the SKILL.md. The README-style instructions focus on installing and running a native calctl binary (Homebrew, GitHub release, or build from source). No unrelated credentials, config paths, or binaries are requested. (Minor metadata inconsistency: registry metadata listed no homepage, while SKILL.md provides a GitHub repo URL.)
Instruction Scope
SKILL.md only instructs how to obtain, build, and run the calctl CLI and how to grant macOS Calendar permission (Terminal). It does not ask the agent to read unrelated files, environment variables, or send data to unexpected endpoints. The instructions do reference writing the binary to ~/bin and running Terminal, which is expected for a native CLI.
Install Mechanism
There is no platform install spec in the registry (instruction-only). The SKILL.md recommends Homebrew (a third-party tap) or direct curl from a GitHub Releases URL. Pulling and executing a third-party native binary is a normal way to install a CLI but carries standard risks: unreviewed third-party brew taps and downloaded binaries should be verified (checksums/signatures) or built from source when possible.
Credentials
No environment variables, credentials, or config paths are requested. The only permission implied is the macOS Calendar privacy grant (OS-level) required for EventKit access, which is proportionate to the stated functionality.
Persistence & Privilege
Skill is instruction-only, always:false, and does not request persistent platform privileges or modify other skills. Autonomous invocation is allowed by default but that is normal; this skill does not request elevated or cross-skill privileges.
Assessment
This skill is internally consistent with its stated purpose: it tells you how to install and run a native macOS calendar CLI that will prompt macOS to grant Calendar access. Before installing, verify the upstream source: check the GitHub repo and release artifacts, prefer building from source if you don't trust the binary, and verify checksums or signatures if available. Be cautious about adding a third-party Homebrew tap or running curl to download an executable directly. Granting Calendar permission to Terminal (or whatever shell you run it in) gives any binary run there access to your calendar data, so only proceed if you trust the calctl project.

Like a lobster shell, security has layers — review code before you run it.

calendarvk971gk5txbn0gx7dwfj0gyh62d84mqyjlatestvk978kjwj82xwpge6ja3x6eraxx84ypqemacosvk971gk5txbn0gx7dwfj0gyh62d84mqyj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments