Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Gcalcli
v0.1.0 · Interact with Google Calendar via gcalcli
⭐ 0 · 3.4k · 13 current · 14 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The stated purpose (interact with Google Calendar via gcalcli) aligns with the instructions, which use gcalcli and OAuth. However, the SKILL.md insists on a specific custom fork (github.com/shanemcd/gcalcli@attachments-in-tsv-and-json) to get attachment support; the examples hard-code a developer email (smcdonal@redhat.com) and reference local repository paths, which are not part of a generic calendar skill and look like leftover developer-specific configuration.
Instruction Scope
The instructions go beyond simple examples: they tell users to install a custom fork from a VCS URL, run uvx/uv commands, use jq and gcmd, and cd into developer-specific paths (/var/home/shanemcd, /var/home/s). They also extract and export attachment URLs (potentially private Google Drive docs or meeting notes). The skill neither declares nor justifies these external tools or filesystem operations, which increases the risk of unexpected behavior or data exposure.
Install Mechanism
Although the registry contains no install spec, the SKILL.md explicitly instructs installing code from a GitHub VCS URL using uvx (a pip-style 'git+https' install). Pulling and running a third-party fork from GitHub executes arbitrary Python code on the host and is a moderate-risk install pattern; the fork is not an official upstream release, and the SKILL.md pins a dependency (google-api-core<2.28.0).
Credentials
The skill requests no env vars in its registry metadata, which matches the interactive Google OAuth flow described in the doc (browser-based auth, cached credentials). That is proportionate for calendar access. However, the SKILL.md does not state where credentials are cached, and it references other tools (gcmd) and paths that may require additional access or credentials not declared by the skill.
Persistence & Privilege
The skill is not marked always:true and has no install payload in the registry. The only persistence implied is the standard OAuth credential caching described in the doc — this is expected for an OAuth-based calendar client and does not indicate elevated permanent privileges over the agent platform.
What to consider before installing
This skill appears to be an instructions-only wrapper around a custom gcalcli fork, but the SKILL.md contains developer-specific examples and asks you to install code from a third-party GitHub repo. Before installing or running anything:
1) Inspect the GitHub fork (shanemcd/gcalcli@attachments-in-tsv-and-json) yourself — check the code for unexpected network calls or data exfiltration.
2) Be cautious about running the provided shell snippets as-is: they reference another tool (gcmd), uvx/uv, jq, and local paths that likely don't exist on your system.
3) Understand that OAuth will create cached Google credentials — verify where those tokens are stored and revoke them if needed.
4) If you only need basic gcalcli functionality, prefer the official upstream package or vetted releases rather than an unreviewed fork.
5) If you proceed, run commands in a controlled environment (non-root account, sandbox/container) and avoid exposing sensitive data or downloading attachments until you confirm the tool's behavior.
Like a lobster shell, security has layers — review code before you run it.
