Back to skill
Skillv1.3.0
VirusTotal security
apple-calendar-pro · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 28, 2026, 4:39 AM
- Hash
- cd1fd93deaff290c245efda747d3186743f6de7d807968530216bb1d9b0ff417
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: apple-calendar-pro Version: 1.3.0 The skill is classified as benign. The `scripts/applecal.py` code demonstrates strong security practices, particularly in the `resolve_attachment_path` function, which explicitly blocks sensitive file extensions, directory segments (e.g., '.ssh', '.aws'), and file name patterns (e.g., 'credentials', 'secret', 'id_rsa'). Credential handling uses secure methods like environment variables, Python keyring, or macOS Keychain via `subprocess.run` with hardcoded arguments, preventing shell injection. All network communication is directed to `caldav.icloud.com`, and there is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts in the documentation.
- External report
- View on VirusTotal