ClawHub

macOS Calendar

v1.2.0

Create, list, and manage macOS Calendar events via AppleScript. Use when the user asks to add a reminder, schedule an event, create a calendar entry, set a d...

4· 6.7k·73 current·76 all-time
byLuca@lucaperret
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation. Required binaries (osascript, python3) are appropriate for AppleScript-driven Calendar automation and JSON parsing. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions and the script stay within the stated purpose (listing calendars, creating events via AppleScript). There are no network endpoints or unexpected data exfiltration. One privacy note: the script writes an append-only log (logs/calendar.log) containing timestamp, command, calendar, and summary — this can store sensitive event titles/descriptions locally and should be considered before installing.
Install Mechanism
No install spec (instruction-only with an included shell script). This is low-risk because nothing is fetched from remote URLs or installed system-wide by the skill itself.
Credentials
The skill requests no credentials or special environment variables. It uses SKILL_DIR (if present) to place logs; otherwise logs are written relative to the script location. No unrelated secrets or config paths are accessed.
Persistence & Privilege
always:false and no system-wide configuration changes. The script will open Calendar.app if not running and writes a local log; it does not modify other skills or request persistent elevated privileges.
Assessment
This skill appears to do exactly what it claims — manipulate your local Apple Calendar via osascript — and it does not contact external services or request credentials. Things to consider before installing: (1) Calendar access: macOS will prompt you to allow Calendar access to the runner; only grant if you trust the skill. (2) Local logs: the skill appends event metadata (title, calendar, timestamp) to logs/calendar.log under SKILL_DIR or the script parent path — if event titles/descriptions are sensitive, either relocate/secure or remove logging. (3) Data handling: the script passes user fields safely to AppleScript (argv) to avoid injection; however there is a small implementation quirk in the Python coercion of all_day (string values like "false" could be treated truthy) — prefer sending boolean JSON true/false. (4) Verify binaries: ensure osascript and python3 are the expected system binaries. If you want extra assurance, inspect the script yourself (it's included) and run it in a sandboxed/non-production account first.

Like a lobster shell, security has layers — review code before you run it.

latestvk976hmkjzyn0742revv249hxfx81bzfa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📅 Clawdis
OSmacOS
Binsosascript, python3

Comments