ClawHub

iCloud

v1.0.0

Let agents operate your iCloud Drive, Photos, and Find My safely with local 2FA authentication and explicit confirmation gates.

0· 438·0 current·0 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (iCloud Drive, Photos, Find My) match everything the skill requests: python3 and the pyicloud client. No unrelated credentials, binaries, or endpoints are required—Apple domains are the expected targets.
Instruction Scope
SKILL.md and subsidiary files confine activity to local interactive auth flows, read-first discovery, and explicit confirmation gates for risky actions. The runtime snippets prompt for Apple ID/password via local getpass/input (explicitly prohibiting credential posting in chat) and read/write only to ~/icloud for operational context. No hidden external endpoints or commands are introduced in the instructions.
Install Mechanism
The workflow installs pyicloud==2.4.1 from PyPI (python -m pip install --user pyicloud==2.4.1) per the skill metadata. Installing a third‑party PyPI package is expected for this capability but carries the usual supply‑chain risk; there is no opaque download URL or archive-extract behavior.
Credentials
No environment variables or unrelated service credentials are requested. Authentication is interactive (user types Apple ID/password locally) rather than via injected secrets, which is proportionate to the skill's purpose. The skill documents keyring use as optional and explicitly forbids persisting secrets in the memory files.
Persistence & Privilege
The skill writes a small workspace under ~/icloud (memory.md, logs, maps, safety-events) with restrictive permissions in the setup steps. This is reasonable for local state, but users should review those files and confirm no secrets are stored. The skill does not request always:true or system-wide privileges.
Assessment
This skill is coherent with its stated purpose, but before installing: 1) Verify you trust the pyicloud package (consider installing in a virtualenv and pinning the version, or review its source). 2) Inspect ~/icloud files after setup and avoid enabling persistence if you don't want any local state. 3) Never paste passwords/2FA into chat — follow the local prompt flow the skill requires. 4) Consider using session-only mode if you prefer no on-disk traces. 5) Be aware package updates (or installing from PyPI) are the main supply-chain risk — review or vendor-lock the dependency if concerned.

Like a lobster shell, security has layers — review code before you run it.

latestvk972qepvf7hb07tz0rb0sa05xx820sb7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis
OSLinux · macOS · Windows
Binspython3

Comments