Calendar
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: brainz-calendar Version: 1.0.0 The skill bundle is designed to manage Google Calendar events using `gcalcli`. The `SKILL.md` file provides clear instructions for installation via `pip install gcalcli` and examples for listing, creating, and deleting events, all of which are standard operations for the tool. There is no evidence of prompt injection attempts, data exfiltration, malicious execution, or other high-risk behaviors across any of the provided files. All content is aligned with the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may help change or remove real calendar events if the user invokes those workflows.
The skill documents commands that can create and delete Google Calendar events. This is aligned with the stated purpose, but it is still account-data mutation that should be user-directed.
gcalcli add --title "Team sync" --when "2026-02-04 10:00" --duration 30 ... gcalcli delete "Team sync"
Confirm the calendar, event title, date/time, and deletion target before allowing create or delete commands.
Calendar credentials could allow reading, creating, or deleting events through the configured calendar account.
The skill requires credentials or account connection details for calendar access. That is expected for a calendar integration, but it grants access to private calendar data and event mutation.
Requires `GOOGLE_CALENDAR_API_KEY` (or `CALDAV_URL`/`CALDAV_USER`/`CALDAV_PASS` for CalDAV).
Use the least-privileged calendar account or credential available, avoid sharing raw passwords when possible, and revoke credentials if the skill is no longer needed.
Installing the wrong or compromised package could affect the local environment where the skill is used.
The skill depends on installing an external pip package. This is central to the stated purpose, but users should ensure they install the legitimate package from a trusted source.
pip install gcalcli
Install gcalcli from a trusted package index, consider pinning a known-good version, and review the package source if operating in a sensitive environment.