← Back to Skills Marketplace
danielkillenberger

gcal-oauth-bridge

by Daniel Killenberger · GitHub ↗ · v1.0.3
cross-platform ⚠ suspicious
703
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install gcal-oauth-bridge
Description
Interact with the Calendar Bridge — a self-hosted Node.js service that provides a persistent REST API for Google Calendar events. Handles OAuth token auto-re...
README (SKILL.md)

Calendar Bridge Skill

Use this skill to interact with the Calendar Bridge service — a local REST API that wraps Google Calendar OAuth with persistent token storage and auto-refresh.

GitHub: https://github.com/DanielKillenberger/gcal-oauth-bridge

What is Calendar Bridge?

A tiny Node.js/Express service running at http://localhost:3000 that:

  • Handles Google Calendar OAuth once via browser
  • Stores and auto-refreshes tokens (solves the "token expired every 7 days" problem)
  • Exposes a dead-simple REST API for events, calendars, and auth

API Endpoints

Endpoint Description
GET /health Service status + auth state
GET /auth/url Get OAuth consent URL
GET /events?days=7 Upcoming events from primary calendar
GET /events?days=7&calendar=all Events from ALL calendars
GET /events?days=7&calendar=\x3Cid> Events from a specific calendar
GET /calendars List all available calendars
POST /auth/refresh Force token refresh (normally automatic)

Events response includes: id, summary, start, end, location, description, htmlLink, status, calendarId, calendarSummary

Checking Events

# Quick event check (7 days, primary calendar)
curl http://localhost:3000/events

# All calendars, next 14 days
curl http://localhost:3000/events?days=14&calendar=all

# With API key (if CALENDAR_BRIDGE_API_KEY is configured)
curl -H "Authorization: Bearer $API_KEY" http://localhost:3000/events?calendar=all

To call from OpenClaw/skill context (no API key needed when running on same host):

GET http://localhost:3000/events?calendar=all&days=7

First-Time Setup

1. Clone and install

git clone https://github.com/DanielKillenberger/gcal-oauth-bridge.git
cd gcal-oauth-bridge
npm install
cp .env.example .env
# Edit .env with GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET

2. Get Google OAuth credentials

3. Start the service

node app.js
# or: npm start

4. Authorize (one-time browser flow)

If on a remote VPS, first tunnel port 3000:

# From your local machine:
ssh -L 3000:localhost:3000 your-server

Then:

curl http://localhost:3000/auth/url
# Open the returned URL in your browser
# Complete Google consent → tokens saved automatically

Verify:

curl http://localhost:3000/health
# {"status":"ok","authenticated":true,"needsRefresh":false}

5. Keep it running (systemd)

systemctl --user enable calendar-bridge.service
systemctl --user start calendar-bridge.service

Re-authentication

If tokens are ever revoked (rare — auto-refresh prevents expiry):

  1. ssh -L 3000:localhost:3000 your-server
  2. curl http://localhost:3000/auth/url → open URL → complete consent
  3. Done — new tokens overwrite old ones

Troubleshooting

  • {"error":"Not authenticated"} → Run the OAuth setup flow above
  • 401 UnauthorizedCALENDAR_BRIDGE_API_KEY is set; add Authorization: Bearer \x3Ckey> header
  • Can't reach localhost:3000 → Service not running; check systemctl --user status calendar-bridge
  • "invalid_grant" / "token expired" → Tokens were revoked externally; re-authenticate

Personal Gmail Users

Works with personal Gmail. Google shows an "unverified app" warning — click Advanced → Go to [app] to proceed. Tokens are stored locally on your server, not shared with anyone.

Files

Usage Guidance
This skill appears to do what it says, but take these precautions before installing: 1) Verify the GitHub repository and author (https://github.com/DanielKillenberger/gcal-oauth-bridge) and review app.js yourself before running npm install/node. 2) Treat GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET as sensitive: do not paste them into chat; store them on the host where the bridge runs. 3) Protect tokens.json and, if used, set a strong CALENDAR_BRIDGE_API_KEY to avoid unauthenticated local access. 4) If deploying on a remote VPS, use SSH tunnel as instructed (or secure the service behind a firewall) so the OAuth redirect is safe. 5) Understand that following the SKILL.md will create a persistent service (systemd user unit) on your machine — only proceed on a host you control. 6) If you want to avoid running third-party code, consider using an officially supported Google Calendar integration instead.
Capability Analysis
Type: OpenClaw Skill Name: gcal-oauth-bridge Version: 1.0.3 The skill bundle's core function is to interact with a local service via HTTP GET requests, which is benign. However, the SKILL.md file contains extensive setup instructions for this prerequisite service, including commands like `git clone`, `npm install`, `node app.js`, and `systemctl` for persistence. If an AI agent were susceptible to prompt injection and interpreted these setup instructions as commands to execute, it would pose a significant Remote Code Execution (RCE) vulnerability, making the skill suspicious due to this potential for unintended execution of powerful commands.
Capability Assessment
Purpose & Capability
The skill is a bridge for Google Calendar and legitimately requires GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET for the OAuth setup; CALENDAR_BRIDGE_API_KEY as an optional API protection header is also appropriate.
Instruction Scope
SKILL.md stays on-topic: it instructs cloning the GitHub repo, running the Node service, performing the OAuth browser flow, and calling local endpoints. It does not ask the agent to read unrelated system files or to exfiltrate data to external endpoints. It does recommend SSH port forwarding for remote servers and using systemd to keep the service running (both reasonable for this purpose).
Install Mechanism
This is an instruction-only skill (no install spec), so nothing is automatically downloaded/installed by the platform. The instructions ask the user to git clone and run npm install on the upstream GitHub repo — a normal but potentially risky manual action (running third-party Node code).
Credentials
Requested env vars (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET) are directly required for OAuth setup; the optional CALENDAR_BRIDGE_API_KEY is sensible for protecting the local API. There are no unrelated or excessive secret requests.
Persistence & Privilege
The skill does not request special platform privileges (always is false). It recommends running the service as a user systemd unit to keep it persistent, which is reasonable for a local service but does create persistent presence on the host if you follow the instructions.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gcal-oauth-bridge
  3. After installation, invoke the skill by name or use /gcal-oauth-bridge
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Declare optional CALENDAR_BRIDGE_API_KEY; clarify client credentials are setup-only, not required at runtime
v1.0.2
Fix metadata: declare required env vars (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET) in openclaw metadata block
v1.0.1
Declare OAuth credentials and tunneling requirements in skill metadata
v1.0.0
Initial release: persistent Google Calendar OAuth bridge for headless servers
Metadata
Slug gcal-oauth-bridge
Version 1.0.3
License
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is gcal-oauth-bridge?

Interact with the Calendar Bridge — a self-hosted Node.js service that provides a persistent REST API for Google Calendar events. Handles OAuth token auto-re... It is an AI Agent Skill for Claude Code / OpenClaw, with 703 downloads so far.

How do I install gcal-oauth-bridge?

Run "/install gcal-oauth-bridge" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is gcal-oauth-bridge free?

Yes, gcal-oauth-bridge is completely free (open-source). You can download, install and use it at no cost.

Which platforms does gcal-oauth-bridge support?

gcal-oauth-bridge is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created gcal-oauth-bridge?

It is built and maintained by Daniel Killenberger (@danielkillenberger); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments