ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Trip Calendar

v1.0.0

Add trip itineraries, flights, hotel check-ins, and activities to Google Calendar using gog CLI. Handles "add to calendar" and boarding pass parsing.

0· 381·1 current·1 all-time
bySwayam Gupta@swayamg20
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared requirement: the skill adds trip items to Google Calendar and explicitly requires the 'gog' CLI. Asking for the gog binary is proportional and expected for this purpose.
Instruction Scope
Most instructions stay within calendar-creation scope (show exact gog command format, event fields, confirmation rules). The boarding-pass parsing step asks the agent to 'Extract' fields from an image but does not specify how (no OCR tool, no external service, no fallback). Also the rule 'Always use IST (+05:30)' is a behavioral constraint users should be aware of.
Install Mechanism
Instruction-only skill with no install spec or downloaded artifacts; nothing is written to disk by the skill itself. Low installation risk.
Credentials
The skill requests no environment variables or credentials. It relies on the local gog CLI being present and (implicitly) authenticated to the user's Google account — reasonable and proportionate for calendar integration.
Persistence & Privilege
No elevated persistence requested (always is false). Agent invocation autonomy is default and not by itself a concern here.
Assessment
This skill appears to do what it says: it calls your local 'gog' CLI to create calendar events and will only add events after confirmation. Before installing/using it: (1) ensure you have the 'gog' CLI installed and authenticated to the Google account you want to modify — the skill does not request credentials itself; (2) be aware that boarding-pass parsing is underspecified: the agent may rely on built-in vision/OCR or ask you to provide extracted text — confirm how images are handled and whether they are sent to any external OCR service; (3) note the skill forces IST (+05:30) for created events — change may be needed if you want events in another timezone; (4) because boarding passes contain personal data, verify you are comfortable having the agent read those images and confirm calendar additions before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ftjx7py64jf4yy8bsk4pv19823hs9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsgog

Comments