py-googlecalendar-cli
ReviewAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward Google Calendar CLI, but it uses long-lived Google credentials and can create, update, or delete calendar events.
Install this only if you want the agent or CLI to manage your Google Calendar. Protect the OAuth client secret and refresh token, prefer secure environment or secret storage over pasting credentials into chats, and review any create, update, or delete action before letting the agent run it.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the skill could create unwanted events or modify/delete real calendar entries.
The script can create, update, and delete Google Calendar events through authenticated API calls. This matches the stated purpose, but these are account-mutating actions.
result = api_request("POST", url, access_token, body=event) ... result = api_request("PUT", url, access_token, body=event) ... api_request("DELETE", url, access_token)Only allow add, update, or delete commands when you intend them; verify event IDs and requested changes before approving agent-driven mutations.
Anyone or any agent with these credentials may be able to access or modify the configured Google Calendar according to the token's permissions.
The skill requires Google OAuth credentials, including a refresh token, to act on the user's Calendar account.
export GOOGLE_CLIENT_ID=...\nexport GOOGLE_CLIENT_SECRET=...\nexport GOOGLE_REFRESH_TOKEN=...\nexport GOOGLE_CALENDAR_ID=primary
Use the least-privileged OAuth scope and calendar possible, store the secrets securely, and avoid putting refresh tokens in prompts, logs, or shared command history.