技能详情(站内镜像,无评论)
作者:Adrian Miller @AdrianMiller99
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 11 · 11k · 93 current installs · 94 all-time installs
⭐ 11
安装量(当前) 94
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:adrianmiller99/google-calendar
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill claims to be a thin Google Calendar wrapper, but the README, runtime scripts, and setup steps are inconsistent and the code writes an access token to a file in the user's home directory — review and fix these mismatches before installing.
目的
The stated purpose (Google Calendar API access) matches the included code in general, but required credentials and runtime expectations differ between SKILL.md and the scripts. SKILL.md describes using CLIENT_ID/CLIENT_SECRET/REFRESH_TOKEN and storing secrets via openclaw, while the primary script (scripts/google_calendar.py) expects an environment variable GOOGLE_ACCESS_TOKEN (and optionally GOOGLE_CALENDAR_IDS). This mismatch means the decla…
说明范围
SKILL.md's setup instructions reference a module invocation (python3 -m google_calendar.auth) and recommend installing google-auth libraries, but the repository provides scripts named refresh_token.py and google_calendar.py (no google_calendar.auth module) and the scripts use only the standard library (urllib). The README also tells users to store secrets via openclaw secret set, but the refresh_token script writes an access token into ~/.conf…
安装机制
No install spec is provided (instruction-only), which is lower risk. The package includes two small Python scripts (no external downloads). There is an incidental pyvenv.cfg file pointing at a user/home path and an openclaw skills path (likely a leftover build artifact) — harmless technically but it leaks a build path and suggests the repository may contain local artifacts.
证书
SKILL.md asks for CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN, and GOOGLE_CALENDAR_ID (reasonable for OAuth flows). The runtime code, however, expects GOOGLE_ACCESS_TOKEN (and supports GOOGLE_CALENDAR_IDS). The refresh_token script does require client id/secret/refresh token and exchanges them for an access token, but it persists the access token to ~/.config/google-calendar/secrets.env rather than returning it or storing it where openclaw secrets…
持久
The refresh_token.py script writes (and overwrites) ~/.config/google-calendar/secrets.env with an exported GOOGLE_ACCESS_TOKEN line. That creates on-disk persistence of a credential in the user's home directory and can be unexpected given the README's instruction to use openclaw secret storage. The skill does not request always: true and does not attempt to modify other skills, but the filesystem write is a persistent side effect worth noting.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Google Calendar」。简介:Interact with Google Calendar via the Google Calendar API – list upcoming event…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/adrianmiller99/google-calendar/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。