gcalcli

SUSPICIOUS. The skill's purpose is coherent, but its core execution path depends on a personal GitHub fork fetched from a mutable branch, then uses Google OAuth-backed calendar access. Data flows generally match the calendar-use case, yet install trust is weak and credential exposure to unpinned third-party code is disproportionate to a simple reference skill.