ClawHub

ics to exchange-blocker

v1.0.0

Sync any ICS/iCal calendar to Microsoft Exchange as blocked time slots — supports recurring events, change detection, and privacy-preserving sync

0· 142·0 current·0 all-time
by@blucaru

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for blucaru/block-on-exchange.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ics to exchange-blocker" (blucaru/block-on-exchange) from ClawHub.
Skill page: https://clawhub.ai/blucaru/block-on-exchange
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: CALINT_ICS_URL, CALINT_MS_CLIENT_ID, CALINT_MS_TENANT_ID
Required binaries: python3
Config paths to check: ~/.calintegration/.env
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install block-on-exchange

ClawHub CLI

Package manager switcher

npx clawhub@latest install block-on-exchange
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (python3), required env vars (ICS URL + Azure client/tenant IDs), and the files (Python code + installer) are all consistent with a macOS tool that reads an ICS feed and writes events to Microsoft Graph.
Instruction Scope
SKILL.md and the code limit behavior to fetching an HTTPS ICS feed, computing time slots, and creating/updating/deleting 'Blocked' events on Microsoft Graph. It runs a local browser-based OAuth flow (opens browser and listens on 127.0.0.1:8400) and writes local state under ~/.calintegration. Minor mismatches: the code reads an additional env var CALINT_GOOGLE_ICS_URL as a fallback (not declared in metadata), and the installer suggests installing a launchd job for periodic sync — both are reasonable but worth noting to users.
Install Mechanism
There is no packaged installer declared to the registry, but the included install.sh creates a Python venv and runs pip install -r requirements.txt (public PyPI packages). This is a standard, low-to-moderate-risk install mechanism (no downloads from unknown servers, no extracted archives from arbitrary URLs).
Credentials
Requested environment variables (CALINT_ICS_URL, CALINT_MS_CLIENT_ID, CALINT_MS_TENANT_ID) are appropriate for this functionality. The code also accepts CALINT_GOOGLE_ICS_URL as an undocumented fallback, which is minor but should be documented. Tokens and state are stored locally under ~/.calintegration with restrictive permissions as advertised.
Persistence & Privilege
The skill does not request elevated or global agent privileges. It can optionally install a macOS launchd plist to run every 5 minutes (installer gives instructions) — this is a user action and not forced by the skill metadata (always:false). Files and tokens are stored only in the user's home directory.
Assessment
This skill appears to do what it says, but check the following before installing: - Only add ICS feed URLs you trust: the feed may contain private information or a secret token in the URL. The tool reads that URL and will push 'busy' events to your Exchange account. - The Azure app needs Calendars.ReadWrite delegated permission; you must register it and sign in interactively (the tool opens a browser and runs a local HTTP listener for the OAuth redirect). - Install creates ~/.calintegration and stores .env and ms_token.json there with chmod 600; verify you’re comfortable with local storage and the path. - The installer proposes creating a launchd job to run every 5 minutes — do not install the plist if you do not want periodic background sync. - Note: the code also checks CALINT_GOOGLE_ICS_URL as a fallback for the ICS feed (this env var is not listed in the registry metadata) — if you use environment variables, be aware of this extra name. If you want extra assurance, review the included Python files locally (they are bundled) and run setup manually rather than enabling the launchd job immediately.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

OSmacOS
Binspython3
EnvCALINT_ICS_URL, CALINT_MS_CLIENT_ID, CALINT_MS_TENANT_ID
Config~/.calintegration/.env
Primary envCALINT_ICS_URL
latestvk9760cf5zdwtbrs2raf2h8nvw183dhyq
142downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
macOS
@blucaru
latest
Download

CalIn — ICS Calendar to Exchange Sync

Sync busy time from any ICS/iCal calendar to Microsoft Exchange as "Blocked" slots. Works with Google Calendar, iCloud, Outlook.com, Nextcloud, Fastmail, Proton Calendar, or any CalDAV server that publishes an ICS feed.

When to Use This Skill

  • User asks to sync calendars, block time, or mirror busy slots
  • User wants personal calendar events to block time on their work calendar
  • User asks to check sync status or clear synced events
  • Scheduled background sync via Heartbeat (recommended: every 5-30 minutes)

What It Does

  • Fetches events (including recurring) from any HTTPS ICS feed
  • Creates/updates/deletes corresponding "Blocked" events on Exchange via Microsoft Graph API
  • Tracks synced events with a local mapping file — only touches what changed
  • Privacy-preserving: only syncs time slots, never event titles, descriptions, or attendees

Setup

1. Install dependencies

Requires Python 3.12+.

cd ~/.openclaw/skills/calin
bash install.sh

This creates a Python venv and installs icalendar, msal, recurring-ical-events, and requests.

2. Configure credentials

Add to ~/.calintegration/.env (created by installer with chmod 600):

CALINT_ICS_URL=<your-ics-feed-url>
CALINT_MS_CLIENT_ID=<azure-app-client-id>
CALINT_MS_TENANT_ID=<azure-app-tenant-id>
# Optional: sync to a specific Exchange calendar (defaults to primary)
# CALINT_MS_CALENDAR_ID=<calendar-id>

Where to find your ICS URL:

ProviderLocation
Google CalendarSettings > your calendar > Integrate > "Secret address in iCal format"
iCloudCalendar app > right-click calendar > Share > Public Calendar > copy URL
Outlook.comSettings > Calendar > Shared calendars > Publish > ICS link
NextcloudCalendar > three-dot menu > Copy subscription link
FastmailSettings > Calendars > Share/export > ICS URL

Azure AD app (free, no client secret needed):

  1. Go to https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
  2. New registration > Name: "CalIn" > Redirect URI: Public client > http://localhost:8400
  3. API permissions > Add > Microsoft Graph > Delegated > Calendars.ReadWrite
  4. Copy Application (client) ID and Directory (tenant) ID

3. Authenticate Microsoft

cd ~/.openclaw/skills/calin
venv/bin/python main.py setup

This opens a browser for one-time Microsoft login. Tokens are cached locally.

Commands

Run these from the skill directory:

CommandWhat it does
venv/bin/python main.py syncRun one sync cycle
venv/bin/python main.py statusShow last sync time and event count
venv/bin/python main.py clearRemove all synced events from Exchange
venv/bin/python main.py setupRe-run authentication setup

Automated Sync (macOS)

The installer generates a launchd plist for automatic sync every 5 minutes:

cd ~/.openclaw/skills/calin
bash install.sh
cp com.calintegration.sync.plist ~/Library/LaunchAgents/
launchctl load ~/Library/LaunchAgents/com.calintegration.sync.plist

How It Works

  1. Fetches the ICS feed and expands all recurring events within a 14-day window
  2. Compares against the local event map (previous sync state)
  3. For each event:
    • New: Creates a "Blocked" event on Exchange
    • Changed (time moved): Updates the Exchange event
    • Deleted from source: Deletes the Exchange event
  4. Saves updated event map and last sync timestamp

Change detection uses a hash of start time + end time + all-day flag. Only changed events trigger API calls.

Security and Privacy

  • Credentials stored in ~/.calintegration/.env with chmod 600 permissions
  • Tokens stored in ~/.calintegration/ms_token.json with chmod 600 permissions
  • All files in ~/.calintegration/ directory with chmod 700
  • No event details synced — only time slots are transmitted. Event titles, descriptions, attendees, and locations are never sent to Exchange
  • HTTPS only — ICS URLs must use HTTPS; Graph API calls use TLS with certificate verification
  • No client secret — uses PKCE (Proof Key for Code Exchange) for Microsoft auth
  • ICS URL validated — rejects non-HTTPS schemes to prevent SSRF
  • API path IDs validated — prevents injection in Graph API endpoint construction
  • All HTTP requests have 30-second timeouts to prevent hanging

External endpoints called

EndpointPurposeAuth
Your ICS URL (HTTPS)Read calendar eventsURL contains secret token
login.microsoftonline.comMicrosoft OAuth token exchangePKCE flow
graph.microsoft.com/v1.0Create/update/delete Exchange eventsBearer token

Data flow

ICS Feed (read-only) --> [CalIn on your machine] --> Microsoft Graph API (write)
                              |
                     ~/.calintegration/ (local state)

No data is sent to any third party. All processing happens locally.

Comments

Loading comments...