ClawHub

apple-calendar-pro

v1.3.0

iCloud Calendar skill via CalDAV (RFC 4791) — works on macOS/Linux, and Windows with env/keyring auth. Supports event CRUD, multi-calendar queries, managed a...

0· 411·1 current·1 all-time
byXushen@xushen-ma
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (iCloud CalDAV calendar with attachments) align with required binary (python3), the single required env var (APPLECAL_PASSWORD), and the included script. Network activity is targeted at the iCloud CalDAV endpoint (ICLOUD_WELL_KNOWN). Requiring a password for iCloud access is expected.
Instruction Scope
SKILL.md and the script instruct the agent to read local files when uploading attachments and to consult credentials via APPLECAL_PASSWORD, python keyring, or macOS Keychain. Reading local attachment files and invoking the macOS 'security' tool is in-scope for an attachment-capable CalDAV client, but users should be aware that attachment contents will be uploaded to iCloud. The instructions include an optional APPLECAL_ATTACH_DIR feature (directory scoping) that governs which files can be attached.
Install Mechanism
There is no automatic install spec; this is instruction-only with a bundled script. Dependencies are minimal (requests, optional keyring) and the README documents pip installation. No remote download or archive extraction is used by the skill itself.
Credentials
Only APPLECAL_PASSWORD is declared as required (and used as the primary credential), which is proportional to CalDAV access. The code also optionally reads APPLECAL_ATTACH_DIR (not listed in the declared required env vars) and may call into system keyring/keychain tools. Access to local keyrings/keychain via keyring or macOS 'security' is justified for credential resolution, but the undeclared optional env var (APPLECAL_ATTACH_DIR) is a minor metadata inconsistency and should be documented in the registry metadata if considered part of configuration.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges. It does run subprocesses (macOS 'security') and network calls as part of expected behaviour but does not attempt to modify other skills or system-wide agent config.
Assessment
This skill appears to do what it says: manage iCloud calendars via CalDAV and upload attachments using an app-specific password. Before installing, consider the following: - You must provide an app-specific password (APPLECAL_PASSWORD). Keep this confined to a user account (avoid setting it globally on shared machines). - Attachments selected for upload are read from disk and sent to Apple's CalDAV servers. The script includes allowlists and blocks common sensitive directories/names, but you should still verify the files you attach. Use APPLECAL_ATTACH_DIR to restrict allowed attachment locations (the SKILL metadata does not list this optional env var — it's documented in SKILL.md/code). - The script may retrieve credentials from Python keyring or run macOS's 'security' CLI to read the Keychain; this is expected for credential resolution but means the script will invoke local credential helpers when APPLECAL_PASSWORD is not set. - There is no automatic installer; you must ensure python3 and the 'requests' package (and optionally 'keyring') are installed. - If you want higher assurance, review the rest of scripts/applecal.py (the file is included) to confirm no additional network endpoints or unexpected behaviors before granting the APPLECAL_PASSWORD env var or running attachment uploads.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspython3
EnvAPPLECAL_PASSWORD
Primary envAPPLECAL_PASSWORD
latestvk977rh0t0vnrtr8k045g3be065821krf
411downloads
0stars
9versions
Updated 1mo ago
v1.3.0
MIT-0
Xushen@xushen-ma
latest
Download

apple-calendar-pro

Advanced Apple Calendar integration using CalDAV (RFC 4791) and Managed Attachments (RFC 8607).

Primary CLI

scripts/applecal.py

Capabilities

  • Event CRUD: List, Create, Update, Delete.
  • Multi-Calendar Support: Query multiple calendars in a single command.
  • True Attachments: RFC 8607 compatible (works on iPhone/iPad).
  • Free/Busy: CalDAV scheduling lookup with event-derived fallback.

Common Commands

List Events (Combined)

Check multiple calendars at once:

python3 scripts/applecal.py events list \
  --apple-id your@icloud.com \
  --calendar Family \
  --calendar Work \
  --from "2026-02-26T00:00:00Z" \
  --to "2026-02-26T23:59:59Z"

Create All-Day Event

python3 scripts/applecal.py events create \
  --apple-id your@icloud.com \
  --calendar Family \
  --summary "Birthday" \
  --start "2026-02-26" \
  --end "2026-02-26" \
  --all-day

Attach a File (iPhone Safe)

python3 scripts/applecal.py attach add \
  --apple-id your@icloud.com \
  --calendar Family \
  --uid <UID> \
  --file /path/to/document.pdf

Free/Busy Check

python3 scripts/applecal.py freebusy \
  --apple-id your@icloud.com \
  --calendar Family \
  --from "2026-02-26T00:00:00Z" \
  --to "2026-02-26T23:59:59Z"

Notes

  • Birthdays: The virtual "Birthdays" calendar is not searchable via CalDAV. Key birthdays should be added as physical recurring events in the Family calendar for agent visibility.
  • Auth: Resolution order is APPLECAL_PASSWORD → Python keyring (if installed/configured) → macOS Keychain fallback. Run doctor to verify connectivity.
  • Event update clearing: Use events update --clear-location / --clear-description to explicitly remove optional fields.
  • Attachment safety: attach add blocks sensitive paths/names, allowlists file extensions, and supports optional directory scoping via APPLECAL_ATTACH_DIR.
  • Apple ID: Always pass --apple-id your@icloud.com (the iCloud account email, not necessarily your Apple ID login).

Comments

Loading comments...