ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Apple Calendar (MacOS)

v1.0.0

Use local CLI to manage Apple, Google, iCloud, Outlook, CalDAV, and other calendars synced in macOS Calendar, without API keys or OAuth.

0· 761·7 current·7 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (manage calendars synced into macOS Calendar without OAuth) match the declared needs: a set of local CLI/tool fallbacks and a local config path. Requiring access to Calendar.app and local command-line tools is coherent for this purpose.
Instruction Scope
SKILL.md instructs the agent to probe local binaries, read before writing, request confirmations, and store small local state under ~/apple-calendar-macos/. It does not direct reading of unrelated system files, requesting unrelated credentials, or sending data to third‑party endpoints (the doc explicitly forbids that).
Install Mechanism
This is instruction-only (no install spec), which is lower risk. However the skill favors a third‑party tool named `apple-calendar-cli` as preferred path; the skill does not provide an install source. Users should verify the provenance and trustworthiness of any third‑party CLI they choose to install.
Credentials
No secrets or external API credentials are requested. The only declared config access is to ~/apple-calendar-macos/, which will store operation context, safety logs, and snapshots that may contain event metadata — this is proportionate but sensitive. Users should be aware that local calendar data (event titles/times/notes) may be written to that folder.
Persistence & Privilege
The skill is not always-on and is user-invocable; it requests no elevated platform privileges beyond typical terminal access to Calendar.app. It does not modify other skills or system-wide agent settings.
Assessment
This skill appears coherent with its purpose, but before installing or enabling it: 1) confirm which of the required CLIs you plan to use — especially `apple-calendar-cli` (verify its source and trustworthiness) — since the skill assumes those local tools exist but does not install them; 2) be prepared to grant your Terminal app Calendar access in macOS privacy settings so read/write operations work; 3) review the ~/apple-calendar-macos/ folder after first use — it will store operation context, safety logs, and snapshots that may include event details; 4) the skill explicitly says it will not send data to third‑party APIs, but if you later install or run an unknown third‑party CLI wrapper, that tool could change behavior, so only use CLIs you trust; 5) the agent will require explicit confirmation before destructive actions — pay attention to those prompts. If you want extra safety, avoid installing or enabling any non‑Apple CLIs and rely only on built‑in fallbacks (shortcuts/osascript/icalBuddy) or review the source of any third‑party binary before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk9726bah36m1mmk0aah2gcmymx8246sh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📅 Clawdis
OSmacOS
Any binapple-calendar-cli, icalBuddy, shortcuts, osascript
Config~/apple-calendar-macos/

Comments