Pear MCP iCloud Calendar, Reminders & Contacts
AdvisoryAudited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using this skill can allow the agent, through Pear, to access and change your calendars, reminders, and contacts.
The skill explicitly requires delegated access to sensitive iCloud account data and can both read and modify it; this is purpose-aligned but high-impact.
Pear provides read/write access to iCloud Calendar, Reminders, and Contacts
Use it only if you trust Pear with this iCloud data, use an app-specific password as instructed, and revoke the key or iCloud connection when no longer needed.
A mistaken or poorly reviewed request could delete or change iCloud data that then syncs across devices.
The tool set includes destructive and batch mutation operations. These are consistent with a contacts-management skill, but mistakes could have significant user impact.
`pear_delete_contact` | Delete a contact ... `pear_delete_contacts_batch` | Delete up to 50 contacts in one call
Confirm destructive or bulk actions explicitly, especially deletes, updates, and batch contact/event/reminder operations.
Personal contacts, calendars, attendee details, phone numbers, emails, addresses, and reminders may pass through Pear's service.
Sensitive calendar/contact/reminder data is accessed through the external Pear MCP endpoint. This is disclosed and purpose-aligned, but it creates a third-party data boundary.
network:
- pearmcp.com ... `pear_list_contacts` | List all contacts with full vCard dataReview Pear's privacy/security practices and avoid using a custom PEAR_MCP_URL unless you fully trust that endpoint.
The scanner cannot verify the hosted Pear MCP implementation from the provided artifacts.
The artifacts do not include local implementation code to inspect; functionality depends on the external Pear service rather than reviewed local code.
Source: unknown ... No install spec — this is an instruction-only skill.
Install only if you trust the publisher/service and verify the homepage and account setup path before entering credentials.