Trust Assessment
google-calendar received a trust score of 38/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 3 medium, and 0 low severity. Key findings include "Suspicious import: urllib.request", "Potential data exfiltration: file read + network send", and "Insecure storage of access token in plain text file".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Insecure storage of access token in plain text file. The `refresh_token.py` script obtains an OAuth access token and writes it directly to a plain text file located at `~/.config/google-calendar/secrets.env`. This bypasses any secure secret management provided by the host environment (e.g., `openclaw secret set`) and stores a highly sensitive credential in an unencrypted, potentially world-readable file. If this file is compromised, an attacker could gain unauthorized access to the user's Google Calendar. The access token should not be written to a plain text file. Instead, the `refresh_token.py` script should return the access token to the calling environment (e.g., stdout) or use the `openclaw secret set` mechanism to store it securely, if such a mechanism supports temporary or frequently updated secrets. The `google_calendar.py` script should then retrieve this token from the secure environment variables provided by the host, rather than relying on a sourced file. | LLM | scripts/refresh_token.py:30 |
| HIGH | Potential data exfiltration: file read + network send. Function 'refresh' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/amanbhandula/moltarxiv/google-calendar-0.1.0/scripts/refresh_token.py:34 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/amanbhandula/moltarxiv/google-calendar-0.1.0/scripts/google_calendar.py:2 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/amanbhandula/moltarxiv/google-calendar-0.1.0/scripts/refresh_token.py:2 |
| MEDIUM | Excessive file system write permissions for credential storage. The `refresh_token.py` script has the capability to write to an arbitrary file path within the user's home directory (`~/.config/google-calendar/secrets.env`). While this specific path is intended for configuration, granting a skill the ability to write sensitive credentials to a user-controlled file path is an excessive permission. This capability, combined with the insecure storage of the access token, increases the risk of credential exposure if the skill were to be manipulated to write to a different, more accessible location. Skills should ideally not write sensitive credentials to the filesystem. If temporary storage is absolutely necessary, it should be done in a highly restricted, temporary directory with strict permissions, and the file should be deleted immediately after use. The preferred method is to pass credentials via environment variables or a secure secret management system provided by the host platform. | LLM | scripts/refresh_token.py:30 |
Full report: https://skillshield.io/report/d2543d586c4e73bf