Back to skill
Skillv0.1.0
VirusTotal security
Icloud Calendar Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:12 AM
- Hash
- 542507a3e281270398c0e2d159c818d5ad3e59e22eda9975590c62abc43d9e7f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: icloud-calendar Version: 0.1.0 The skill is classified as suspicious due to the inclusion of a hardcoded iCloud internal ID (DSID '8132224793') in the CALENDAR_HOME path and a lack of input sanitization when constructing the iCalendar (.ics) payload in scripts/add_event.py, which could allow for injection attacks. Furthermore, the script is functionally broken as it attempts to use several modules (uuid, base64, urllib.request, and datetime) without importing them at the file level, which is highly irregular for a published skill. While no evidence of data exfiltration to third-party domains was found (it only communicates with caldav.icloud.com), the combination of hardcoded identifiers and poor code quality poses a security risk.
- External report
- View on VirusTotal