Back to skill
Skillv1.3.0
ClawScan security
apple-calendar-pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 28, 2026, 6:04 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and required credential (APPLECAL_PASSWORD) match its stated purpose (CalDAV access to iCloud Calendar); no obvious incoherent or malicious behavior was found, though there are a few small discrepancies and privacy considerations to review before use.
- Guidance
- This skill appears to do what it says: manage iCloud calendars via CalDAV and upload attachments using an app-specific password. Before installing, consider the following: - You must provide an app-specific password (APPLECAL_PASSWORD). Keep this confined to a user account (avoid setting it globally on shared machines). - Attachments selected for upload are read from disk and sent to Apple's CalDAV servers. The script includes allowlists and blocks common sensitive directories/names, but you should still verify the files you attach. Use APPLECAL_ATTACH_DIR to restrict allowed attachment locations (the SKILL metadata does not list this optional env var — it's documented in SKILL.md/code). - The script may retrieve credentials from Python keyring or run macOS's 'security' CLI to read the Keychain; this is expected for credential resolution but means the script will invoke local credential helpers when APPLECAL_PASSWORD is not set. - There is no automatic installer; you must ensure python3 and the 'requests' package (and optionally 'keyring') are installed. - If you want higher assurance, review the rest of scripts/applecal.py (the file is included) to confirm no additional network endpoints or unexpected behaviors before granting the APPLECAL_PASSWORD env var or running attachment uploads.
Review Dimensions
- Purpose & Capability
- okName/description (iCloud CalDAV calendar with attachments) align with required binary (python3), the single required env var (APPLECAL_PASSWORD), and the included script. Network activity is targeted at the iCloud CalDAV endpoint (ICLOUD_WELL_KNOWN). Requiring a password for iCloud access is expected.
- Instruction Scope
- noteSKILL.md and the script instruct the agent to read local files when uploading attachments and to consult credentials via APPLECAL_PASSWORD, python keyring, or macOS Keychain. Reading local attachment files and invoking the macOS 'security' tool is in-scope for an attachment-capable CalDAV client, but users should be aware that attachment contents will be uploaded to iCloud. The instructions include an optional APPLECAL_ATTACH_DIR feature (directory scoping) that governs which files can be attached.
- Install Mechanism
- okThere is no automatic install spec; this is instruction-only with a bundled script. Dependencies are minimal (requests, optional keyring) and the README documents pip installation. No remote download or archive extraction is used by the skill itself.
- Credentials
- noteOnly APPLECAL_PASSWORD is declared as required (and used as the primary credential), which is proportional to CalDAV access. The code also optionally reads APPLECAL_ATTACH_DIR (not listed in the declared required env vars) and may call into system keyring/keychain tools. Access to local keyrings/keychain via keyring or macOS 'security' is justified for credential resolution, but the undeclared optional env var (APPLECAL_ATTACH_DIR) is a minor metadata inconsistency and should be documented in the registry metadata if considered part of configuration.
- Persistence & Privilege
- okThe skill does not request 'always: true' or other elevated platform privileges. It does run subprocesses (macOS 'security') and network calls as part of expected behaviour but does not attempt to modify other skills or system-wide agent config.