iCloud
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: icloud Version: 1.0.0 This skill bundle is designed with strong security and privacy principles. It explicitly instructs the agent to never request credentials in chat, use local prompts for authentication, require explicit user confirmation for risky actions (e.g., file deletion, Find My actions), and never persist secrets. All external network calls are to legitimate Apple iCloud endpoints or PyPI for dependency installation. File system operations are limited to creating a dedicated `~/icloud/` directory for operational notes, with appropriate permissions, and explicitly state that secrets should not be stored there. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's intended secure operation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can access iCloud data and services after the user authenticates locally.
The skill uses local Apple ID credentials to create an iCloud API session. This is expected for the stated purpose and avoids chat-based credential collection, but it grants sensitive account-level access.
user = input("Apple ID: ").strip()
pwd = getpass.getpass("Apple password: ")
api = PyiCloudService(user, pwd)Only use this with your own Apple account, never paste credentials into chat, and confirm the exact iCloud areas and devices the agent may access.
If approved, the agent could change iCloud Drive content or trigger Find My actions on a device.
The skill documents actions that can affect devices or cloud files, but it also requires user confirmation and scoped targets before those actions.
Treat lost mode, message push, file rename/delete, and bulk upload as risky. Before running risky actions, summarize target, effect, and rollback option, then request explicit confirmation.
Before approving any risky action, check the exact device ID or file path, the expected effect, and the rollback plan.
Installing the dependency runs and uses third-party package code on the user's machine.
The skill relies on a third-party PyPI package. The dependency is pinned and disclosed, but it is still part of the trust boundary.
python3 -m pip install --user pyicloud==2.4.1
Install only if you trust the pyicloud package and prefer using a dedicated Python environment if you want stronger isolation.
Local notes could reveal device names, iCloud Drive paths, or previous account operations to anyone with access to the machine.
The skill can persist local operational context such as device mappings, verified paths, and operation logs. It says not to store secrets, but the retained context may still be sensitive.
Memory lives in `~/icloud/`... operations-log.md... device-map.md... drive-map.md... safety-events.md
Use session-only mode if you do not want persistence, and review or delete ~/icloud/ if you stop using the skill.