Back to skill
Skillv1.0.2
ClawScan security
Google Calendar Delete Event · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 27, 2026, 4:15 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper that tells the agent to run a single gog CLI command to delete a calendar event; its requests and instructions are consistent with that purpose.
- Guidance
- This skill is narrowly focused and appears coherent, but before installing: (1) confirm the gog binary on your system is the official CLI and you trust its source; (2) remember the skill will use whatever credentials gog already has—ensure those tokens are scoped appropriately and that you want the agent able to delete events; (3) review agent permissions for running shell commands (the agent will execute gog in your environment); (4) because the package has no homepage and an unknown source, prefer testing on a disposable/test calendar first and audit gog's auth/config if you have concerns.
Review Dimensions
- Purpose & Capability
- okName/description match the runtime instruction to run 'gog calendar delete <calendarId> <eventId>'. Requiring the gog binary is appropriate for this narrow task. The skill does not request unrelated binaries or credentials.
- Instruction Scope
- okSKILL.md only instructs execution of a single CLI command and expected output; it does not direct reading unrelated files, exfiltrating data, or contacting unexpected endpoints. The only implicit dependency is that the local gog CLI is already authenticated.
- Install Mechanism
- okThere is no install spec (instruction-only), so nothing is downloaded or written to disk by the skill itself—this is the lowest-risk install model.
- Credentials
- noteThe skill declares no env vars, which is proportionate, but it implicitly relies on whatever credentials/configuration the local gog CLI has (OAuth tokens or local config). That is expected for a CLI-based operation but worth noting because deletion will use those existing credentials.
- Persistence & Privilege
- okThe skill does not request persistent presence (always:false), does not modify other skills or system-wide settings, and is user-invocable. Autonomous invocation is allowed by platform default but not excessive here.