Scan Report
5 /100
cal-candy
Local markdown-based calendar management
Benign markdown-based calendar CLI with no security issues - only performs declared local filesystem operations.
Safe to install
No action needed. This is a legitimate calendar management tool.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ/WRITE | READ/WRITE | ✓ Aligned | SKILL.md declares calendar storage in ~/.openclaw/workspace/calendar/ |
1 findings
Info Email 邮箱地址
[email protected] SKILL.md:4 File Tree
2 files · 18.9 KB · 600 lines Python 1f · 511L
Markdown 1f · 89L
├─
▾
scripts
│ └─
mdcal.py
Python
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
rich | * | pip | No | Used for terminal formatting only, version not pinned |
Security Positives
✓ Clean codebase with only standard library imports plus 'rich'
✓ All operations are local - no network requests whatsoever
✓ Data stored only in designated calendar directory (~/.openclaw/workspace/calendar/)
✓ No credential access or environment variable harvesting for sensitive data
✓ No shell execution or subprocess calls
✓ No base64, eval, or other code execution patterns
✓ No hidden functionality - implementation matches documentation exactly