Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Calendar Sync
v1.0.0구조화된 문서 데이터에서 날짜 정보(마감일, 일정, 이벤트)를 추출하여 Apple 캘린더에 자동 등록하는 스킬. 문서에서 추출한 일정을 캘린더에 자동 반영한다.
⭐ 0· 6·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, required binary (python3), macOS restriction, and the provided Python script all align with an Apple Calendar sync skill. The script only needs an iCalendar library and either writes an .ics file or uses osascript to create events—these are coherent with the stated purpose.
Instruction Scope
SKILL.md (and included system-prompt.md / chatgpt-prompt.md) give explicit runtime steps: generate .ics, or on macOS run AppleScript via osascript. That scope is appropriate, but a static-scan flag detected 'system-prompt-override' patterns: the package includes system/chat prompts which can alter agent behavior. Including prompts in a skill is common, but they should be reviewed because they can change how an agent operates.
Install Mechanism
No install spec (instruction-only) — lowest risk. The Python code requires the third-party 'icalendar' package (pip). The skill does not auto-download arbitrary archives or run remote installers; however, the dependency must be installed manually (SKILL.md/system-prompt recommends 'pip install icalendar').
Credentials
The skill requests no credentials, env vars, or config paths. The code operates on a local structured_results.json and writes an .ics file or invokes local AppleScript. There are no external network endpoints or secret access in the code. Notion/URL fields are treated as data for event descriptions only (no Notion API calls).
Persistence & Privilege
Skill is user-invocable and not always-enabled; it does not request persistent/system-wide privileges and does not modify other skills. It writes an .ics file to the same directory as the input and may invoke osascript to modify the local Calendar app (macOS will prompt for Calendar access).
Scan Findings in Context
[system-prompt-override] unexpected: The repository includes system-prompt.md and chatgpt-prompt.md and the SKILL.md contains prompt-like sections. Providing prompts is normal for skills, but 'system-prompt-override' patterns can be used to change agent behavior; review these files before granting the skill autonomy.
Assessment
What to check before installing:
- Review system-prompt.md and chatgpt-prompt.md to ensure the provided prompts do only what you expect (they can influence the agent's behavior).
- The Python script is local and does not contact external servers; it reads the provided structured_results.json and either writes an .ics file or runs osascript to add events to Calendar. If you prefer less automation, run in 'ics' mode (generate file) instead of 'applescript'.
- You must install the 'icalendar' Python package manually (pip install icalendar). Confirm the package source and version if you have policies about third-party packages.
- On macOS, running AppleScript via osascript will prompt for Calendar access; grant only if you trust the code. Consider running the script on a test dataset first to verify events created as expected.
- If you are uncomfortable with embedded prompts or automatic calendar writes, keep the skill manual: use the script to create .ics files and import them yourself rather than enabling automated AppleScript registration.system-prompt.md:1
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk976hnf36azmy1q8rj74m717ch84a3n5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📅 Clawdis
OSmacOS
Binspython3