ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Calendar Guard

v1.0.0

Workflow-driven skill that autonomously defends your schedule to manage cognitive load and prevent burnout.

0· 21·1 current·1 all-time
by@zvirb

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zvirb/calendar-guard.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Calendar Guard" (zvirb/calendar-guard) from ClawHub.
Skill page: https://clawhub.ai/zvirb/calendar-guard
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install zvirb/calendar-guard

ClawHub CLI

Package manager switcher

npx clawhub@latest install calendar-guard
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose is to read from and create events in Google Calendar, but the metadata declares no required credentials, no primary credential, and no required config paths. Accessing Google Calendar normally requires OAuth credentials or an existing calendar integration; the lack of any declared auth or dependency is inconsistent with the claimed capability.
!
Instruction Scope
SKILL.md instructs the agent to call three sub-agents: gworkspace_calendar_find, llm_identify_conflicts, and gworkspace_calendar_create. It does not specify how those sub-agents are provided, what scopes they use, or where calendar data is sent for analysis. In particular, using llm_identify_conflicts could send private calendar details to an external LLM or service; data flow and retention are unspecified.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is nothing being downloaded or written to disk by the skill itself.
!
Credentials
No environment variables or credentials are declared despite the skill performing calendar reads and writes. This is disproportionate — at minimum the skill should declare needed Google/Workspace credentials or clearly state it relies on another installed integration. The absence of declared secrets or scopes prevents review of the privileges the skill would require.
Persistence & Privilege
always is false (good). The skill allows autonomous invocation (platform default), which means it could run on a schedule and create events without a prompt. Autonomous writes to a user's calendar are impactful; because the skill's credential/authorization model is unspecified, users should treat autonomous operation as potentially high-risk until credentials and consent/approval flows are clarified.
What to consider before installing
Before installing or enabling this skill, ask the maintainer for concrete details: (1) how will the skill authenticate to Google Calendar? Provide the exact env vars/scopes (OAuth client ID/secret, refresh token, or explicit dependence on an existing gworkspace skill). (2) Where does llm_identify_conflicts run and who can see the calendar data? Confirm whether event data is sent to an external LLM/service and how long it's retained. (3) Require a preview-and-confirm flow: do not allow the skill to create events automatically without explicit user approval; prefer suggestions the user can accept. (4) Test with a disposable or test calendar first. (5) Verify the skill's provenance — there's no homepage and the publisher is unknown; prefer skills from known authors or those that publish code and a clear privacy/security model. If the maintainer cannot supply clear answers and required auth/scopes, do not enable autonomous runs and treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk975p277t02k6c158jd7y2f77985kfxp
21downloads
0stars
1versions
Updated 5h ago
v1.0.0
MIT-0
@zvirb
latest
Download

Lean Philosophy (Principles)

  • Kaizen (改善): This skill is an atomic node, broken down into its simplest, smallest component to eliminate waste and ensure perfection.
  • Standardized Work (Hyojun Sagyo): This node represents the most efficient, standardized path for this specific task before automation.
  • Jidoka (自働化): This node includes autonomous defect detection. It will stop immediately and report if it cannot achieve the expected outcome.

Calendar Guard

This skill evaluates schedule density and automatically injects recovery blocks into your Google Calendar when needed to prevent burnout.

Cognitive Directives

WHEN [Requested to check calendar for burnout risks OR running on a daily schedule] THEN [

  1. Execute gworkspace_calendar_find to retrieve events for the next 24 hours.
  2. Execute llm_identify_conflicts (Sub-Agent) to analyze the event list for periods of high cognitive load.
  3. IF high load is detected, Execute gworkspace_calendar_create to inject "Recovery Block" events to protect decompression time. ]

Expected Output

A JSON log of any recovery blocks injected.

Comments

Loading comments...