Skill v1.13.1
ClawScan security
Email To Calendar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 8:46 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, scripts, and runtime instructions are coherent with its stated purpose (extracting events from emails and creating calendar entries); nothing in the package asks for unrelated credentials or installs arbitrary remote code, but it does read/write user config and workspace files and expects email/calendar access.
- Guidance: This package is internally consistent with its stated purpose, but before enabling it you should: (1) Review the scripts (create_event.sh, email_read.sh, calendar_ops.py) to confirm they will call the calendar/email provider you expect (the code references a gog CLI by default). (2) Ensure your agent/platform grants only the email/calendar capabilities required (prefer granting read-only inbox scanning + calendar create/update rather than broad account credentials). (3) Prefer 'forwarded' mode if you want to avoid continuous inbox scanning. (4) Note the skill creates and updates files under ~/.openclaw/workspace/memory/ and ~/.config/email-to-calendar/, and it can auto-mark emails read/archive; check config defaults (email_handling.*) before running. (5) If you store sensitive links in emails, be conscious that the skill intentionally extracts and includes URLs in event descriptions. If anything looks unexpected in the scripts or you cannot verify provider calls, do not enable automatic/unsupervised operation until you inspect or sandbox the skill.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actual files and behavior: many wrapper scripts and Python utilities implement email reading, extraction, duplicate detection, event creation, disposition, pending invites, changelog/undo, and activity logging. package.json declares required capabilities (read_email, create_calendar_event, update_calendar_event) and required binaries (python3, bash, jq) which align with the implementation.
- Instruction Scope (note): SKILL.md and BOOT.md instruct the agent to read emails, load ~/.config/email-to-calendar/config.json, check memory files under ~/.openclaw/workspace/memory/, update HEARTBEAT.md, and present events for explicit user confirmation. Those actions are within the skill's purpose, but the instructions do direct reads/writes to multiple user files (memory, config, heartbeat) and require scanning emails and extracting URLs (which may include sensitive links). The agent is also instructed to send notification emails via the provider CLI when configured.
- Install Mechanism (ok): There is no install spec (instruction-only install), and code files are bundled with the skill. No remote downloads or extract-from-URL steps are present. Scripts rely on local Python and shell, which is proportionate to the task.
- Credentials (ok): The skill metadata does not request unrelated environment variables or secrets; it instead relies on platform-provided capabilities (email/calendar access) and local config files. The set of files and permissions the skill uses (config.json, memory directory, HEARTBEAT.md) are reasonable for an email→calendar automation tool.
- Persistence & Privilege (note): always:false (no forced presence). The skill writes to its own memory and changelog under ~/.openclaw/workspace/memory/email-to-calendar/ and may append sections to HEARTBEAT.md per BOOT.md guidance. This is normal for a persistent assistant feature, but be aware it maintains a silent activity log and changelog/undo state in user workspace directories.
