iCloud Calendar skill via CalDAV (RFC 4791) — works on macOS/Linux, and Windows with env/keyring auth. Supports event CRUD, multi-calendar queries, managed a...
Security Analysis
high confidenceThe skill's code, instructions, and required credential (APPLECAL_PASSWORD) match its stated purpose (CalDAV access to iCloud Calendar); no obvious incoherent or malicious behavior was found, though there are a few small discrepancies and privacy considerations to review before use.
Name/description (iCloud CalDAV calendar with attachments) align with required binary (python3), the single required env var (APPLECAL_PASSWORD), and the included script. Network activity is targeted at the iCloud CalDAV endpoint (ICLOUD_WELL_KNOWN). Requiring a password for iCloud access is expected.
SKILL.md and the script instruct the agent to read local files when uploading attachments and to consult credentials via APPLECAL_PASSWORD, python keyring, or macOS Keychain. Reading local attachment files and invoking the macOS 'security' tool is in-scope for an attachment-capable CalDAV client, but users should be aware that attachment contents will be uploaded to iCloud. The instructions include an optional APPLECAL_ATTACH_DIR feature (directory scoping) that governs which files can be attached.
There is no automatic install spec; this is instruction-only with a bundled script. Dependencies are minimal (requests, optional keyring) and the README documents pip installation. No remote download or archive extraction is used by the skill itself.
Only APPLECAL_PASSWORD is declared as required (and used as the primary credential), which is proportional to CalDAV access. The code also optionally reads APPLECAL_ATTACH_DIR (not listed in the declared required env vars) and may call into system keyring/keychain tools. Access to local keyrings/keychain via keyring or macOS 'security' is justified for credential resolution, but the undeclared optional env var (APPLECAL_ATTACH_DIR) is a minor metadata inconsistency and should be documented in the registry metadata if considered part of configuration.
The skill does not request 'always: true' or other elevated platform privileges. It does run subprocesses (macOS 'security') and network calls as part of expected behaviour but does not attempt to modify other skills or system-wide agent config.
Guidance
This skill appears to do what it says: manage iCloud calendars via CalDAV and upload attachments using an app-specific password. Before installing, consider the following: - You must provide an app-specific password (APPLECAL_PASSWORD). Keep this confined to a user account (avoid setting it globally on shared machines). - Attachments selected for upload are read from disk and sent to Apple's CalDAV servers. The script includes allowlists and blocks common sensitive directories/names, but you should still verify the files you attach. Use APPLECAL_ATTACH_DIR to restrict allowed attachment locations (the SKILL metadata does not list this optional env var — it's documented in SKILL.md/code). - The script may retrieve credentials from Python keyring or run macOS's 'security' CLI to read the Keychain; this is expected for credential resolution but means the script will invoke local credential helpers when APPLECAL_PASSWORD is not set. - There is no automatic installer; you must ensure python3 and the 'requests' package (and optionally 'keyring') are installed. - If you want higher assurance, review the rest of scripts/applecal.py (the file is included) to confirm no additional network endpoints or unexpected behaviors before granting the APPLECAL_PASSWORD env var or running attachment uploads.
Latest Release
v1.3.0
Security: attachment path hardening — extension allowlist, sensitive path/name blocking, optional APPLECAL_ATTACH_DIR directory scoping
Popular Skills
Published by @xushen-ma on ClawHub
