CardDAV Contacts

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill is coherent and purpose-aligned for managing CardDAV contacts, but it can sync, store, edit, move, and delete contacts using a local CardDAV credential.

Before installing, make sure you are comfortable giving vdirsyncer/khard access to your contacts and CardDAV credential. Confirm destructive actions like delete or move, and review your sync conflict settings so contact changes behave the way you expect.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A simple contact lookup may first update local contact files from the remote address book, and pending local/remote changes could be reconciled by vdirsyncer.

Why it was flagged

The skill instructs sync as the default first step before lookups. This is purpose-aligned, but sync can change local contact state and may interact with remote CardDAV data depending on user configuration.

Skill content

Always sync before querying to ensure you have the latest contacts:
```bash
vdirsyncer sync
```

Recommendation

Review your vdirsyncer configuration and conflict-resolution behavior before relying on automatic sync-before-query workflows.

What this means

If invoked for management tasks, the agent can help create, edit, move, or delete contacts.

Why it was flagged

The skill documents contact mutation commands, including deletion and movement between address books. These commands are directly related to managing contacts, but they can alter or remove user data.

Skill content

```bash
khard new ...
khard edit "john" ...
khard remove "john"              # Delete contact
khard move "john" -a work        # Move to another address book
```

Recommendation

Ask the agent to confirm the exact contact and action before edit, move, or delete operations, especially when names may match multiple contacts.

What this means

The configured vdirsyncer account can access and synchronize the user’s contacts for that provider.

Why it was flagged

The example configuration uses a local app-password file to authenticate to a CardDAV provider. Credential use is expected for CardDAV sync, but it is sensitive account access.

Skill content

```ini
username = "your@email.com"
password.fetch = ["command", "cat", "~/.config/vdirsyncer/google_app_password"]
```

Recommendation

Use an app-specific password or least-privilege credential where available, store it with restrictive file permissions, and verify the URL points to the intended CardDAV provider.

What this means

Your contacts may be stored locally as files and read by khard when the agent searches or displays contact details.

Why it was flagged

The skill stores synced contacts persistently on the local filesystem. This is the normal vdirsyncer model, but contact data is personal and may be reused by future commands.

Skill content

vdirsyncer syncs CardDAV contacts to local `.vcf` files ... `path = "~/.local/share/vdirsyncer/contacts/"`

Recommendation

Keep the contact storage path private, avoid sharing it with unrelated tools, and consider backups or provider-side recovery options before enabling sync.