iCloud

Name: iCloud
Author: ivangdavila

Description

Let agents operate your iCloud Drive, Photos, and Find My safely with local 2FA authentication and explicit confirmation gates.

README (SKILL.md)

Setup

On first use, read setup.md for secure integration guidelines.

When to Use

Use this skill when the user wants agents to interact with their own iCloud account: list devices, retrieve Find My status, inspect iCloud Drive, or pull photo metadata/files. Use it for operational automation with strict safety gates, not for bypassing Apple account security.

Architecture

Memory lives in ~/icloud/. See memory-template.md for structure and status fields.

~/icloud/
|-- memory.md               # Status, integration mode, and current account scope
|-- operations-log.md       # Executed commands, result checks, and rollback notes
|-- device-map.md           # Known device aliases and stable IDs
|-- drive-map.md            # iCloud Drive folder map and verified paths
`-- safety-events.md        # Confirmed risky actions and explicit approvals

Quick Reference

Load only the file needed for the current task.

Topic	File
Setup flow	`setup.md`
Memory template	`memory-template.md`
Authentication and session handling	`auth-session.md`
Find My operations	`findmy-ops.md`
iCloud Drive operations	`drive-ops.md`
Photos operations	`photos-ops.md`
Safety boundaries and confirmations	`safety-boundaries.md`

Core Rules

1. Authenticate Locally, Never Through Chat

Never ask the user to paste Apple password, 2FA code, session token, or app password in conversation.
Use interactive local auth with terminal prompts or secure local input prompts only.

2. Start Read-Only, Then Escalate

Run read-only discovery first: account reachability, device list, folder listing, metadata checks.
Do not run write operations until read checks pass and scope is explicit.

3. Require Explicit Confirmation for Risky Actions

Treat lost mode, message push, file rename/delete, and bulk upload as risky.
Before running risky actions, summarize target, effect, and rollback option, then request explicit confirmation.

4. Use Deterministic Verification After Every Action

After each operation, verify expected state with a second read call.
Never report success from command exit code alone.

5. Keep Operations Narrow and Idempotent

Operate on one device ID or one file path per step when possible.
Prefer repeat-safe commands and avoid broad wildcard operations.

6. Handle 2FA and Session Expiry as Normal State

If Apple invalidates the session, pause destructive operations and re-auth first.
Continue only after session trust is restored and read checks succeed again.

7. Persist Only Minimal Operational Context

Store only what improves reliability (IDs, verified paths, successful patterns).
Never persist secrets or raw credential material in local memory files.

Common Traps

Asking for Apple credentials in chat -> immediate privacy and trust failure.
Running write operations before discovery -> wrong device/path targeted.
Using device names without IDs -> ambiguous actions on similarly named devices.
Assuming session validity across days -> sudden auth failures mid-workflow.
Executing bulk file changes without snapshot -> difficult rollback after mistakes.
Claiming action success without re-read verification -> silent failures reach users.

External Endpoints

Endpoint	Data Sent	Purpose
https://idmsa.apple.com	Apple account auth payload during login	Apple ID authentication
https://setup.icloud.com	Session and webservice negotiation	iCloud service bootstrap
https://www.icloud.com	Service API requests (Drive/Photos/Find My)	iCloud operations
https://idmsa.apple.com.cn	Apple account auth payload (China mainland accounts)	Regional Apple ID authentication
https://setup.icloud.com.cn	Session and webservice negotiation (China mainland accounts)	Regional iCloud bootstrap
https://pypi.org	Package metadata (install time only)	Install `pyicloud`
https://files.pythonhosted.org	Package download (install time only)	Install `pyicloud`

No other data is sent externally by this skill's documented workflow.

Security & Privacy

Data that leaves your machine:

Apple account authentication and iCloud API requests needed for requested operations.
Package install traffic only when installing dependencies.

Data that stays local:

Optional operational notes under ~/icloud/.
Local keyring entries managed by the pyicloud tool if the user chooses to store password.

This skill does NOT:

Bypass Apple security flows or 2FA requirements.
Request undeclared credentials in chat.
Execute undeclared network endpoints.
Modify its own SKILL file.

Trust

By using this skill, you trust Apple iCloud endpoints and the pyicloud package. Only install and run this workflow if you trust these services with your account operations.

Related Skills

Install with clawhub install \x3Cslug> if user confirms:

cloud-storage - Cross-provider storage workflows and transfer safety checks
ios - Apple device settings, permissions, and account behavior troubleshooting
macos - macOS security, keychain, and runtime diagnostics for Apple tooling
photos - Media management strategies when iCloud Photos is the main workload

Feedback

If useful: clawhub star icloud
Stay updated: clawhub sync

Usage Guidance

This skill is coherent with its stated purpose, but before installing: 1) Verify you trust the pyicloud package (consider installing in a virtualenv and pinning the version, or review its source). 2) Inspect ~/icloud files after setup and avoid enabling persistence if you don't want any local state. 3) Never paste passwords/2FA into chat — follow the local prompt flow the skill requires. 4) Consider using session-only mode if you prefer no on-disk traces. 5) Be aware package updates (or installing from PyPI) are the main supply-chain risk — review or vendor-lock the dependency if concerned.

Capability Analysis

Type: OpenClaw Skill Name: icloud Version: 1.0.0 This skill bundle is designed with strong security and privacy principles. It explicitly instructs the agent to never request credentials in chat, use local prompts for authentication, require explicit user confirmation for risky actions (e.g., file deletion, Find My actions), and never persist secrets. All external network calls are to legitimate Apple iCloud endpoints or PyPI for dependency installation. File system operations are limited to creating a dedicated `~/icloud/` directory for operational notes, with appropriate permissions, and explicitly state that secrets should not be stored there. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's intended secure operation.

Capability Assessment

✓ Purpose & Capability

Name/description (iCloud Drive, Photos, Find My) match everything the skill requests: python3 and the pyicloud client. No unrelated credentials, binaries, or endpoints are required—Apple domains are the expected targets.

✓ Instruction Scope

SKILL.md and subsidiary files confine activity to local interactive auth flows, read-first discovery, and explicit confirmation gates for risky actions. The runtime snippets prompt for Apple ID/password via local getpass/input (explicitly prohibiting credential posting in chat) and read/write only to ~/icloud for operational context. No hidden external endpoints or commands are introduced in the instructions.

ℹ Install Mechanism

The workflow installs pyicloud==2.4.1 from PyPI (python -m pip install --user pyicloud==2.4.1) per the skill metadata. Installing a third‑party PyPI package is expected for this capability but carries the usual supply‑chain risk; there is no opaque download URL or archive-extract behavior.

✓ Credentials

No environment variables or unrelated service credentials are requested. Authentication is interactive (user types Apple ID/password locally) rather than via injected secrets, which is proportionate to the skill's purpose. The skill documents keyring use as optional and explicitly forbids persisting secrets in the memory files.

ℹ Persistence & Privilege

The skill writes a small workspace under ~/icloud (memory.md, logs, maps, safety-events) with restrictive permissions in the setup steps. This is reasonable for local state, but users should review those files and confirm no secrets are stored. The skill does not request always:true or system-wide privileges.

Version History

v1.0.0

Initial release with secure iCloud account integration, read-first workflows, and confirmation gates for risky actions.

Metadata

Slug icloud

Version 1.0.0

License —

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is iCloud?

Let agents operate your iCloud Drive, Photos, and Find My safely with local 2FA authentication and explicit confirmation gates. It is an AI Agent Skill for Claude Code / OpenClaw, with 498 downloads so far.

How do I install iCloud?

Run "/install icloud" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is iCloud free?

Yes, iCloud is completely free (open-source). You can download, install and use it at no cost.

Which platforms does iCloud support?

iCloud is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created iCloud?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.

More Skills