Pear Apple
PassAudited by ClawScan on May 10, 2026.
Overview
This is a disclosed iCloud/Pear integration, but installing it means trusting Pear and the agent with sensitive read/write access to calendars, reminders, and contacts.
Before installing, decide whether you trust Pear with your iCloud calendars, reminders, and contacts. Keep the API key private, use a revocable Apple app-specific password, and require clear confirmation before any delete or bulk operation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could create, update, complete, or delete real iCloud items, including deleting multiple contacts at once.
The skill exposes real destructive and bulk account-mutation tools. This is disclosed and aligned with contact/calendar management, but misuse or accidental invocation could change or delete user data.
`pear_delete_event` | Delete an event by filename ... `pear_delete_contacts_batch` | Delete up to 50 contacts in one call
Use explicit confirmation before deletes, batch operations, or major updates, and consider backing up contacts/calendars before large changes.
Anyone with access to the configured Pear credentials could potentially operate on the connected iCloud calendars, reminders, and contacts through the exposed tools.
Using the skill requires delegated access through Pear and an iCloud app-specific password. This credential use is expected for the integration, but it grants sensitive account authority.
`PEAR_API_KEY` — Your Pear API key ... Connect your iCloud account (requires an app-specific password)
Store the PEAR_API_KEY securely, use a revocable Apple app-specific password, and revoke the Pear/iCloud connection if you stop using the skill.
Calendar details, reminders, attendee information, and full contact records may be exposed to the Pear service and then to the agent context when tools are used.
Sensitive iCloud data is handled through a remote Pear MCP/provider flow. The destination is disclosed and purpose-aligned, but full contact, calendar, and reminder data can pass through that service.
`network`: `pearmcp.com` ... `pear_list_contacts` | List all contacts with full vCard data
Install only if you trust Pear with this iCloud data, and avoid requesting broad contact/calendar dumps unless needed.