Calendar Hold Sync

Verdict: Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: calendar-hold-sync
Version: 1.0.1

The skill is classified as suspicious due to the presence of a `gog.allowCustomCommands` configuration option, which, if enabled by the user, allows overriding `gog` CLI commands with templates. While the documentation in SKILL.md and README.md claims that rendered commands are executed as `argv` tokens (no shell interpolation), this is a critical vulnerability surface if the underlying execution environment's sanitization is imperfect, potentially leading to command injection. Additionally, the `install-cron` command provides a persistence mechanism, which is a high-privilege action, though it is a legitimate feature for a sync service. The skill itself does not contain malicious instructions or attempt to exploit these capabilities, and it explicitly warns users about the risks of enabling custom commands.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may be able to read source calendars and write target calendar holds using your configured Google accounts.

Why it was flagged

The skill uses existing Google account OAuth access through gog. This is expected for calendar syncing and limited to the calendar service, but it grants access to read and write calendar data for configured accounts.

Skill content
Require user OAuth already configured for each account used in `mappings`... Run `gog auth add you@gmail.com --services calendar`.
Recommendation

Use only calendar-scoped OAuth, review the mapped accounts/calendars, and test with dedicated calendars before normal use.

What this means

A non-dry-run reconcile can add, edit, or remove managed Busy hold events in target calendars.

Why it was flagged

The core workflow can mutate target calendar events, including deletions of managed stale holds. The dry-run and max-change controls make this purpose-aligned, but the user should notice the mutation authority.

Skill content
Reconcile idempotently:
- Create missing holds.
- Update drifted holds.
- Delete stale holds.
... Enforce `maxChangesPerRun`.
... Respect `dryRun`.
Recommendation

Run dry-run first, keep maxChangesPerRun conservative, and verify the SYNCV1-managed holds before allowing live changes.

What this means

Details from a source calendar may be copied into another calendar account even though the visible hold summary is just Busy.

Why it was flagged

The skill persists source event metadata, including the event title, into target event descriptions. Base64url is encoding, not encryption, so anyone or any app with access to target event details could decode it.

Skill content
Store source linkage in hold `description` as:

- `SYNCV1:<base64url(JSON)>`

JSON fields:

- `srcAccount`
- `srcCalendar`
- `eventId`
- `start`
- `end`
- `title`
Recommendation

Keep target calendars private, avoid shared target calendars, and consider omitting source titles from metadata if they are not required.

Note (High Confidence)
ASI10: Rogue Agents
What this means

Once enabled, scheduled sync may continue changing managed holds without a user manually running each reconcile.

Why it was flagged

The skill supports ongoing background-style operation through cron and polling watch mode. This is disclosed and fits scheduled calendar sync, but it can keep making calendar changes after setup.

Skill content
- `hold-sync install-cron --mapping <name>|--all`
- `hold-sync watch --mapping <name>|--all [--dry-run] [--interval-seconds <n>]`
... Keep periodic scheduled reconcile as fallback even when watch mode is enabled.
Recommendation

Install cron/watch only after dry-run validation, document where it is installed, and know how to disable the scheduled job.

What this means

Installers relying only on registry metadata may underestimate the external CLI and account access needed.

Why it was flagged

The registry metadata does not declare the gog CLI or Google OAuth requirement, even though the skill documentation does. This is an under-declaration/provenance note rather than hidden behavior.

Skill content
Required binaries (all must exist): none ... Primary credential: none ... Capability signals: No capability tags were derived.
Recommendation

Before installing, confirm gog is the intended CLI, verify its source, and understand that Google Calendar OAuth must be configured separately.