ClawHub

CardDAV Contacts

v1.0.2

Sync and manage CardDAV contacts (Google, iCloud, Nextcloud, etc.) using vdirsyncer + khard.

0· 1.1k·0 current·0 all-time
by@jcromero
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description request vdirsyncer + khard and the skill requires exactly those binaries. The suggested CardDAV endpoints and local paths are appropriate for a contacts sync tool.
Instruction Scope
Instructions stay within the contact-syncing domain (create vdirsyncer/khard configs, run vdirsyncer sync, use khard to search/manage). They reference writing/reading files in the user's home (~/.config, ~/.local/share) and show a password.fetch that runs ['command','cat','~/.config/vdirsyncer/google_app_password'] — expected for storing credentials, but you should ensure those files are protected and that any command used in password.fetch is safe.
Install Mechanism
This is instruction-only (no code files). The SKILL.md includes an apt install suggestion for vdirsyncer and khard — a standard, low-risk package install path on Linux; there are no remote downloads or archive extracts.
Credentials
The skill declares no required environment variables or external credentials. It does instruct the user to store CardDAV credentials locally (e.g., an app password file), which is proportional to the task. Be aware that the password.fetch mechanism executes a command to read the password file, so ensure only trusted commands are used and files have restrictive permissions.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent system privileges. It does not modify other skills or system-wide settings; it operates on user-level config paths only.
Assessment
This skill looks coherent for managing CardDAV contacts. Before installing: (1) verify you trust the CardDAV server you configure (Google/iCloud/Nextcloud); (2) install vdirsyncer and khard from your distribution packages and confirm their provenance; (3) if you follow the example password.fetch, store credentials in a file with strict permissions (chmod 600) or use a safer keyring method; (4) review any command used in password.fetch (don't run untrusted commands); and (5) remember the agent will run vdirsyncer/khard commands on your system when invoked, so only enable the skill if you trust those tools and the skill's instructions.

Like a lobster shell, security has layers — review code before you run it.

latestvk972vxdr8vz4azr6efs2nhqscn80xrd7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📇 Clawdis
OSLinux
Binsvdirsyncer, khard

Comments