Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Apple Calendar Ops

v0.1.0

Read, create, update, and delete Apple Calendar events via CalDAV. Use when the user wants to inspect calendars or events, add a calendar event, change an ex...

by ClawEnd @ivy-end
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The code implements CalDAV operations (discover, list, fetch, create, update, delete), which matches the description. However, the skill metadata declares no required config paths or credentials, while SKILL.md and the code hard-code a secrets file path (/home/agent/.openclaw/workspace/secrets.json). The skill legitimately needs an Apple ID and an app-specific password, so the omission from the registry metadata is an inconsistency.
Instruction Scope
Runtime instructions and scripts are narrowly scoped to CalDAV operations and call only the CalDAV endpoint (default https://caldav.icloud.com). The SKILL.md explicitly instructs the agent to read a local secrets.json for credentials; the code's load_all_secrets() reads the whole JSON file. This is within expected scope for an Apple Calendar CalDAV tool, but the explicit dependency on a workspace secrets file should be noted and checked.
Install Mechanism
There is no install spec or external download. The skill is instruction-plus-scripts included in the bundle. No network install or archive extraction is performed at install time, which lowers install-time risk.
! Credentials
The skill requires Apple credentials (appleId and appSpecificPassword), which are proportionate to CalDAV access. However, the declared registry requirements list no env vars or config paths, while the code expects and reads a workspace secrets.json containing these credentials. The code reads the full secrets.json (load_all_secrets()), not only the appleCalendar keys, so if that file contains unrelated sensitive values, they would be accessible to this skill.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or global agent settings. It runs as contained scripts and only acts when invoked.
What to consider before installing
This skill largely does what it claims (CalDAV read/write to Apple Calendar), but before installing you should:
1) Inspect /home/agent/.openclaw/workspace/secrets.json and ensure it only contains the appleCalendar keys (appleId and appSpecificPassword); the skill reads the entire file.
2) Prefer using an Apple app-specific password (not your main Apple password).
3) Confirm the caldav baseUrl (defaults to caldav.icloud.com) and any configured calendarUrls to restrict which calendars the skill can access.
4) Because the registry metadata does not declare the secrets/config path, treat that as a packaging omission: either update the registry entry or avoid running the skill until you can control where credentials come from.
5) Run first with --dry-run or --list-calendars to verify behavior.
If you are not comfortable with a local secrets.json being read, do not install/run the skill until the credential handling is clarified.
