Openclaw With Apple

The skill bundle provides a comprehensive suite for integrating Apple iCloud services, including Photos, Drive, Calendar, and Find My, as well as Apple Health analysis. It is classified as suspicious due to several high-risk behaviors: it explicitly instructs the AI agent to collect the user's Apple ID and Main Password (storing them in environment variables), establishes persistence on macOS via a LaunchAgent (setup_tasks_cron.py), and includes capabilities to track device locations and enable 'Lost Mode' (icloud_tool.py). Furthermore, the SKILL.md contains aggressive 'Iron Rules' that command the AI to execute tools immediately without user confirmation upon detecting specific keywords, which increases the risk of unintended actions via prompt injection. While these features are aligned with the stated purpose and documented in SECURITY.md, the combination of credential collection, persistence, and automated device control represents a significant security surface.