Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

calendar-scheduling

v0.9.1

Schedule meetings, check availability, and manage calendars across Google, Outlook, and CalDAV. Routes to focused sub-skills for datetime resolution and cale...

by Billy Lui (@billylui)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill name and description (calendar scheduling across Google/Outlook/CalDAV) align with the declared requirements: it needs a local MCP server binary and OAuth credentials stored under ~/.config/temporal-cortex/. However, the registry metadata at the top of the package record says "Source: unknown" and "Homepage: none", while the SKILL.md includes homepage and repo links. This metadata mismatch is an inconsistency that should be resolved before trust is assumed.
Instruction Scope
SKILL.md is instruction-only and stays within scheduling tasks (list_calendars, resolve_datetime, book_slot, etc.) and explicitly limits filesystem access to ~/.config/temporal-cortex/. It does not instruct reading other system files or extra env vars. The remaining concern is that the instructions rely heavily on a shipped MCP binary — the binary's runtime behavior (network endpoints, telemetry, exact FS access) is asserted in the SECURITY-MODEL.md but cannot be verified from the instruction text alone.
Install Mechanism
Installation comes from an npm package (@temporal-cortex/cortex-mcp@0.9.1) that creates a cortex-mcp binary. Installing and running a third‑party native binary from npm is a moderate-to-high risk operation because the package can execute arbitrary code and make network calls. SKILL.md mentions Docker as an alternative (safer containment) but the primary install path uses npx/node. The package source is claimed (GitHub) in SKILL.md, but the registry metadata earlier reported 'Source: unknown' — this discrepancy should be reconciled and the actual npm package contents and release provenance audited before installing.
Credentials
No environment variables are requested, which is reasonable. The skill declares two required config paths (~/.config/temporal-cortex/credentials.json and config.json) — that is proportional for a calendar tool that must store OAuth tokens and settings. The main risk is that those files will contain sensitive OAuth tokens; the SECURITY-MODEL claims no other files are accessed and that platform mode does not include credential data in server calls, but those are assertions tied to the MCP binary implementation and should be verified.
Persistence & Privilege
always:false (normal). The skill is user-invocable and allows autonomous invocation (platform default). That is expected for a scheduling skill, but because the installed MCP binary can create events (book_slot) and may make network calls, autonomous invocation increases blast radius — ensure confirmation flows and platform mode are configured to your preference before allowing autonomous runs.
What to consider before installing
This skill is internally coherent for calendar scheduling but depends on installing and running an MCP binary from npm that will store OAuth tokens under ~/.config/temporal-cortex/. Before installing:
1) Verify the npm package and GitHub repository: inspect the package contents, release tags, and maintainers on npm/GitHub; prefer installing via Docker if available to contain the binary.
2) Confirm the registry metadata (source/homepage); a metadata mismatch is a red flag.
3) Treat ~/.config/temporal-cortex/credentials.json as sensitive: create it only after reviewing the binary and avoid reusing high-privilege account tokens.
4) If you need strict privacy, run the MCP server in an isolated environment (Docker or VM) and keep Platform Mode off unless you explicitly need cross-user features.
5) If you cannot audit the binary, do not install it into a production environment or a machine with other sensitive accounts.
If you want, I can enumerate the concrete commands to inspect the npm package and GitHub repo before you install.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

Bins: npx
Config: ~/.config/temporal-cortex/credentials.json, ~/.config/temporal-cortex/config.json

Install

Node
Bins: cortex-mcp
npm i -g @temporal-cortex/cortex-mcp@0.9.1
