Skill v0.1.0
ClawScan security
Apple Calendar Ops · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 3:28 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement CalDAV access to Apple Calendar and matches its stated functionality, but packaging/documentation inconsistencies around where credentials come from (and the code reading an un-declared secrets.json) are concerning and warrant review before use.
- Guidance: This skill largely does what it claims (CalDAV read/write to Apple Calendar), but before installing you should:
  1) Inspect /home/agent/.openclaw/workspace/secrets.json and ensure it only contains the appleCalendar keys (appleId and appSpecificPassword) — the skill reads the entire file.
  2) Prefer using an Apple app‑specific password (not your main Apple password).
  3) Confirm the caldav baseUrl (defaults to caldav.icloud.com) and any configured calendarUrls to restrict which calendars the skill can access.
  4) Because the registry metadata does not declare the secrets/config path, treat that as a packaging omission — either update the registry entry or avoid running the skill until you can control where credentials come from.
  5) Run first with --dry-run or --list-calendars to verify behavior.
  If you are not comfortable with a local secrets.json being read, do not install/run the skill until the credential handling is clarified.
Review Dimensions
- Purpose & Capability (concern): The code implements CalDAV operations (discover, list, fetch, create, update, delete) which matches the description. However the SKILL metadata declares no required config paths or credentials while the SKILL.md and the code hard‑code a secrets file path (/home/agent/.openclaw/workspace/secrets.json). The skill legitimately needs Apple ID + app‑specific password, but the registry metadata omission is an incoherence.
- Instruction Scope (note): Runtime instructions and scripts are narrowly scoped to CalDAV operations and call only the CalDAV endpoint (default https://caldav.icloud.com). The SKILL.md explicitly instructs the agent to read a local secrets.json for credentials; the code's load_all_secrets() reads the whole JSON file. This is within expected scope for an Apple Calendar CalDAV tool, but the explicit dependency on a workspace secrets file should be noted and checked.
- Install Mechanism (ok): There is no install spec or external download. The skill is instruction-plus-scripts included in the bundle. No network install or archive extraction is performed at install time, which lowers install-time risk.
- Credentials (concern): The skill requires Apple credentials (appleId and appSpecificPassword) which are proportionate to CalDAV access. However the declared registry requirements list no env vars or config paths while the code expects and reads a workspace secrets.json containing these credentials. The code reads the full secrets.json (load_all_secrets()), not only the appleCalendar keys, so if that file contains unrelated sensitive values they would be accessible to this skill.
- Persistence & Privilege (ok): The skill does not request always:true and does not attempt to modify other skills or global agent settings. It runs as contained scripts and only acts when invoked.
