Account Takeover Attack on X via OAuth Impersonation

2 points posted 7 months ago
by grinich

1 Comment

sherdil2022

7 months ago

This is scary.

The URL says www.calender.google.com - typo - calender instead of calendar - but still google.com.

If the TLD is legit, how can anyone figure out this is a suspicious app?

Even a legitimate app asking for full access to an account shouldn’t be approved by X.