Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Calendar

v0.1.0

Interact with Google Calendar via the Google Calendar API – list upcoming events, create new events, update or delete them. Use this skill when you need programmatic access to your calendar from OpenClaw.

11 · 12.8k · 105 current · 107 all-time
by Adrian Miller (@adrianmiller99)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The stated purpose (Google Calendar API access) matches the included code in general, but required credentials and runtime expectations differ between SKILL.md and the scripts. SKILL.md describes using CLIENT_ID/CLIENT_SECRET/REFRESH_TOKEN and storing secrets via openclaw, while the primary script (scripts/google_calendar.py) expects an environment variable GOOGLE_ACCESS_TOKEN (and optionally GOOGLE_CALENDAR_IDS). This mismatch means the declared setup doesn't actually meet the code's runtime requirements without extra steps.
[!] Instruction Scope
SKILL.md's setup instructions reference a module invocation (python3 -m google_calendar.auth) and recommend installing google-auth libraries, but the repository provides scripts named refresh_token.py and google_calendar.py (no google_calendar.auth module) and the scripts use only the standard library (urllib). The README also tells users to store secrets via openclaw secret set, but the refresh_token script writes an access token into ~/.config/google-calendar/secrets.env — a different storage mechanism. These inconsistencies broaden the agent's runtime discretion and could lead to unexpected file writes.
Install Mechanism
No install spec is provided (instruction-only), which is lower risk. The package includes two small Python scripts (no external downloads). There is an incidental pyvenv.cfg file pointing at a user/home path and an openclaw skills path (likely a leftover build artifact) — harmless technically but it leaks a build path and suggests the repository may contain local artifacts.
[!] Credentials
SKILL.md asks for CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN, and GOOGLE_CALENDAR_ID (reasonable for OAuth flows). The runtime code, however, expects GOOGLE_ACCESS_TOKEN (and supports GOOGLE_CALENDAR_IDS). The refresh_token script does require client id/secret/refresh token and exchanges them for an access token, but it persists the access token to ~/.config/google-calendar/secrets.env rather than returning it or storing it where openclaw secrets would. Persisting access tokens to a file in a user's home directory is a disproportionate and unexpected persistence of secrets compared with the SKILL.md's guidance to store secrets in openclaw.
[!] Persistence & Privilege
The refresh_token.py script writes (and overwrites) ~/.config/google-calendar/secrets.env with an exported GOOGLE_ACCESS_TOKEN line. That creates on-disk persistence of a credential in the user's home directory and can be unexpected given the README's instruction to use openclaw secret storage. The skill does not request always: true and does not attempt to modify other skills, but the filesystem write is a persistent side effect worth noting.
What to consider before installing
Do not install blindly. Things to verify before using this skill:
- Fix the env-var mismatch: the README expects a refresh-token flow, but the main script expects GOOGLE_ACCESS_TOKEN at runtime. Decide which approach you want and update the docs/code accordingly.
- Confirm how refresh tokens and access tokens are obtained and stored. The included refresh_token.py will write an access token to ~/.config/google-calendar/secrets.env; if you don't want tokens persisted to disk, do not run it, or modify it to store secrets in your secret store instead.
- The README suggests running python3 -m google_calendar.auth, but no such module exists. Confirm the correct helper to perform OAuth authorization and how to obtain an initial refresh token.
- Inspect the scripts locally (they are short) and, if you still want to use them, run them in a restricted environment (non-privileged account) and prefer your platform's secret storage over allowing the script to write credentials to your home directory.
- The pyvenv.cfg file reveals a user/build path; that is not harmful by itself but indicates leftover artifacts. Ask the publisher for a clean release or for source provenance (who maintains this skill?).
If you cannot get clear answers from the skill author (or until the README is corrected to align with the code), treat this skill as suspicious and avoid granting it real Google credentials.

Like a lobster shell, security has layers — review code before you run it.

latest · vk974ssbjy3yv8ms0accztps349809z11
