apple-calendar-pro
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a coherent iCloud Calendar skill, with expected but important access to your calendar, selected attachments, and an iCloud app-specific password.
Install this only if you want an agent to access and manage your iCloud Calendar. Prefer an Apple app-specific password stored in keyring or Keychain, review event deletion/update and attachment actions before use, and consider setting APPLECAL_ATTACH_DIR to limit which local files can be attached.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could add, change, delete, or attach files to events in your iCloud calendar.
The skill can modify or delete calendar events and upload selected files as calendar attachments. This is expected for the stated calendar-management purpose, but it is still meaningful authority.
- **Event CRUD**: List, Create, Update, Delete. ... - **True Attachments**: RFC 8607 compatible
Use it only where you want the agent to manage calendar data, and review create/update/delete/attachment actions before they are run.
Anyone or any agent process with access to this credential can access the associated iCloud calendar through this tool.
The skill uses an iCloud app-specific password from environment variables or local credential stores. This is necessary for CalDAV access and is disclosed, but it grants account-level calendar access.
**Auth**: Resolution order is `APPLECAL_PASSWORD` → Python `keyring` (if installed/configured) → macOS Keychain fallback.
Use a dedicated Apple app-specific password, store it in keyring/Keychain when possible, and revoke it from appleid.apple.com if you stop using the skill.
Dependency installation could be affected by package-source or environment issues outside the skill itself.
The setup documentation installs external Python packages without pinned versions. This is a normal Python CLI setup pattern, but users should install from trusted package sources.
pip3 install requests # optional (recommended off-macOS): pip3 install keyring
Install dependencies in a controlled environment and consider pinning or reviewing package versions if using this in sensitive workflows.
Calendar details returned by the tool may become visible to the agent, and event/attachment changes are sent to iCloud.
The skill exchanges calendar data and attachments with Apple's CalDAV service. This provider communication is disclosed and purpose-aligned, with no hidden endpoints shown.
Connects to iCloud Calendar over CalDAV (RFC 4791) with iPhone-compatible attachment support (RFC 8607).
Use it only with calendars you are comfortable exposing to the agent, and avoid storing secrets in event descriptions or attachments.