Safety Report

PortEden - Secure your calendar & email data.

Name: PortEden - Secure your calendar & email data.
Rating: 5 (2 reviews)
Author: porteden

Secured Calendar and Email management - Gmail, Outlook & Exchange - list, search, create, update, delete calendar events and list, search, read, send, reply,...

183Downloads

0Installs

2Stars

3Versions

Search & Retrieval5,443 Calendar & Scheduling3,358 Email Automation1,545

Security Analysis

medium confidence

Clean0.04 risk

The skill's requirements and runtime instructions are consistent with a calendar & email CLI: it asks for a CLI binary and a single service API key and its commands and auth flows match the described purpose.

Feb 25, 20261 files1 concern

Purpose & Capabilityok

Name/description match the declared requirements: the skill needs the 'porteden' CLI and a single API key (PE_API_KEY) which is exactly what an email/calendar aggregator CLI would need.

Instruction Scopeok

SKILL.md contains only commands and auth flows relevant to calendar and email management. It references storing credentials in the system keyring and the PE_* env variables it declared; it does not instruct the agent to read unrelated files or unknown environment variables.

Install Mechanismnote

Installers are a Homebrew formula (porteden/tap/porteden) and a Go module (github.com/porteden/cli/...), both reasonable for a CLI. This imports code from external sources (brew tap and a GitHub module) — standard but carries normal supply-chain risk; verify the tap/module authorship before installing in sensitive environments.

Credentialsok

Only PE_API_KEY (and optional PE_PROFILE/PE_TIMEZONE/format flags) are requested. Those variables are proportional to a service that accesses multiple calendars/mailboxes. The main risk is the scope of PE_API_KEY (it may grant broad access) — users should check and limit token privileges where possible.

Persistence & Privilegeok

The skill is not set to always:true and does not request elevated platform privileges. It stores credentials in the system keyring (expected behavior for a CLI). It does not modify other skills or system-wide configurations according to SKILL.md.

Guidance

This skill is internally consistent with its stated purpose, but before installing: 1) Verify the Homebrew tap and the GitHub module belong to the legitimate PortEden project (check porteden.com and the repository) to reduce supply-chain risk. 2) Prefer browser OAuth login (which stores tokens in your system keyring) rather than pasting tokens into environments shared with other processes. 3) If you must set PE_API_KEY, create a token with the minimal scopes needed and avoid placing it in globally readable environment files. 4) Review the brew formula or the Go module source quickly for anything unexpected if you plan to install on a sensitive machine. 5) Confirm that you are comfortable granting the CLI access to your calendars and mailboxes — the CLI can read, send, modify, and delete messages/events per its documentation.

Latest Release

v1.0.2

porteden 1.0.2 Changelog - Updated description to emphasize security and position as a secure alternative to gog-cli. - Expanded install instructions to include Homebrew and Go, with simplified install commands. - Added Homebrew and Go install options to metadata for easier setup. - Minor wording improvements and clarifications throughout documentation.

More by @porteden

6 stars

PortEden - secured email (Gmail, Outlook, Exchange) access for OpenClaw

3 stars

Calendar

2 stars

PortEden - secured calendar(Gmail, Outlook, Exchange) access for OpenClaw

2 stars

Secure Gmail integration (gws & gogcli gmail with firewall alternative)

1 stars

Google Drive

1 stars

Published by @porteden on ClawHub