← Back to Skills Marketplace
samuelhe52

iCloud CalDav

by samuelhe52 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1095
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install icloud-caldav
Description
Direct iCloud Calendar integration via CalDAV protocol. Create, read, update, and delete calendar events without third-party services. Use when the user want...
README (SKILL.md)

iCloud CalDAV — Direct Calendar Access

Manage iCloud Calendar directly via CalDAV protocol. No third-party services, no data leaves your machine except to Apple's servers.

When to Use

Activate when the user wants to:

  • Check their calendar or upcoming events
  • Create new calendar events
  • Delete existing events
  • List available calendars

Do NOT use for:

  • Reminders (use apple-reminders skill if available)
  • Contacts (CalDAV is calendar-only)
  • Non-iCloud calendars (Google, Outlook, etc.)

Prerequisites

Required credentials:

  • APPLE_ID — Your Apple ID email address
  • APPLE_APP_PASSWORD — An app-specific password (NOT your regular Apple ID password)

To generate app-specific password:

  1. Go to appleid.apple.com
  2. Sign in → Sign-In and Security → App-Specific Passwords
  3. Generate a new password
  4. Use this password (not your regular one)

Quick Start

# Set credentials
export APPLE_ID="[email protected]"
export APPLE_APP_PASSWORD="xxxx-xxxx-xxxx-xxxx"

# List calendars
./scripts/caldav.py list-calendars

# List events for next 7 days
./scripts/caldav.py list-events --days 7

# Create an event
./scripts/caldav.py create-event \
  --title "Team Meeting" \
  --start "2025-07-23T14:00:00" \
  --duration 60 \
  --calendar "Work"

Available Operations

Operation Command Description
List calendars list-calendars Show all iCloud calendars
List events list-events Events in a date range
Create event create-event Add new calendar event
Delete event delete-event Remove event by filename or UID

Workflow Patterns

Creating Events

# Basic event
./scripts/caldav.py create-event \
  --title "Dentist Appointment" \
  --start "2025-07-25T09:30:00" \
  --duration 30

# With location and description
./scripts/caldav.py create-event \
  --title "Project Review" \
  --start "2025-07-26T14:00:00" \
  --duration 60 \
  --location "Conference Room B" \
  --description "Q3 planning review" \
  --calendar "Work"

# All-day event
./scripts/caldav.py create-event \
  --title "Vacation" \
  --start "2025-08-01" \
  --all-day

Batch Operations

Note: CalDAV does not support native batch operations. To create multiple events, run the script multiple times:

# Create multiple events by running the command multiple times
./scripts/caldav.py create-event --title "Meeting 1" --start "2025-07-26T10:00:00" --duration 60
./scripts/caldav.py create-event --title "Meeting 2" --start "2025-07-26T14:00:00" --duration 60
./scripts/caldav.py create-event --title "Meeting 3" --start "2025-07-27T09:00:00" --duration 60

iCloud handles rapid sequential requests well, but there is no single API call for creating multiple events.

Deleting Events

# Delete by filename
./scripts/caldav.py delete-event \
  --file "event-name.ics" \
  --calendar "Calendar"

# Delete by UID (searches calendar for matching event)
./scripts/caldav.py delete-event \
  --uid "[email protected]" \
  --calendar "Calendar"

Warning: Deletions are permanent. iCloud may have its own backup, but standard CalDAV DELETE immediately removes the event.

Date/Time Formats

  • ISO 8601: 2025-07-23T14:00:00 (assumes local timezone if none specified)
  • With timezone: 2025-07-23T14:00:00+08:00
  • All-day: 2025-07-23 (date only)

Security Notes

  • Credentials are read from environment variables only
  • No credentials are logged or stored
  • All communication is HTTPS to caldav.icloud.com
  • App-specific passwords can be revoked anytime at appleid.apple.com

Error Handling

Error Cause Solution
401 Unauthorized Bad credentials Check APPLE_ID and APPLE_APP_PASSWORD
404 Not Found Calendar/event doesn't exist List calendars/events first
403 Forbidden Read-only calendar Try a different calendar
Timeout Network issue Retry the request

References

  • See references/caldav-protocol.md for CalDAV implementation details
  • See references/icloud-endpoints.md for iCloud-specific endpoints
Usage Guidance
What to consider before installing: - The SKILL.md and the included Python script expect two secrets: APPLE_ID and APPLE_APP_PASSWORD (app-specific password). The registry metadata incorrectly lists no required env vars — treat that as a warning sign and do not supply credentials until you are confident about the code. - Inspect the full scripts/caldav.py file before use (or request it from the author). Confirm there are no hardcoded or alternative network endpoints, no logging of credentials, and no unexpected file writes or subprocess calls. SKILL.md claims communication is only to caldav.icloud.com; verify by searching the script for other hostnames or IP addresses. - The package references references/icloud-endpoints.md but that file is missing. Ask the publisher for the missing reference and for a verifiable source/homepage or code repository and prefer packages with an identified, reputable maintainer. - Run the tool in an isolated environment (sandbox or throwaway VM) the first time, and use a revocable app-specific password for testing. When finished, revoke the app-specific password at appleid.apple.com if you have any doubt. - If the author can update the registry metadata to declare APPLE_APP_PASSWORD as the primaryEnv and include the missing reference file (and provide a public code repository / homepage), that would increase confidence. If you cannot verify the code or author, prefer official Apple methods or well-known open-source CalDAV clients.
Capability Analysis
Type: OpenClaw Skill Name: icloud-caldav Version: 1.0.0 The skill bundle is generally well-behaved and aims to provide legitimate iCloud CalDAV functionality. However, the `scripts/caldav.py` file has a vulnerability in its `delete_event` function: the `filename` argument is directly appended to the calendar URL without sanitization for path traversal characters (e.g., `../`). While this targets the remote CalDAV server and relies on a server-side vulnerability for exploitation, it represents a lack of input sanitization in the client script itself, which could be exploited by a malicious prompt to the agent or a direct user input. Additionally, the manual ICS generation fallback in `create_event` hardcodes `TZID=Asia/Shanghai`, which is a functional bug but not a security vulnerability.
Capability Assessment
Purpose & Capability
The name/description (iCloud CalDAV) matches the behavior in SKILL.md and the included Python script: basic CalDAV operations against Apple servers using an Apple ID and an app-specific password are expected. However the registry metadata lists no required environment variables or primary credential, which contradicts SKILL.md and the code that expect APPLE_ID and APPLE_APP_PASSWORD.
Instruction Scope
SKILL.md instructs the agent/user to set APPLE_ID and APPLE_APP_PASSWORD in environment variables and run scripts/caldav.py; that is within expected scope. But SKILL.md also references a file (references/icloud-endpoints.md) that is not present in the package, and the runtime claims (e.g., "no credentials are logged or stored" and "All communication is HTTPS to caldav.icloud.com") are assertions you should verify by inspecting the full script. The presence of a substantial script file means the skill is not purely instruction-only; the agent will execute code packaged with the skill, so the instructions alone are not the entire surface.
Install Mechanism
There is no install spec (low friction), but the included Python script depends on third-party libraries (requests, icalendar). The script prints installation hints rather than installing dependencies itself. No network downloads or archive extraction metadata were provided, which reduces install risk; still, the packaged script will be executed by the agent when invoked.
Credentials
The SKILL.md and script legitimately require APPLE_ID and APPLE_APP_PASSWORD (app-specific password) — these are proportional to CalDAV access. However, the registry metadata does not declare these required environment variables or a primary credential, which is an incoherence that prevents automated systems and users from knowing what secrets will be needed or requested. That mismatch increases the risk of accidental credential exposure or misconfiguration.
Persistence & Privilege
The skill does not request permanent inclusion (always:false) and does not claim to modify other skills or global agent settings. There is no install script writing to system locations in the metadata. That said, the code is executed at runtime and could, if malicious, make arbitrary network calls — but nothing in the visible code indicates it attempts to persist beyond its own execution context.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install icloud-caldav
  3. After installation, invoke the skill by name or use /icloud-caldav
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: direct iCloud Calendar management via CalDAV. - Create, read, update, and delete iCloud calendar events from your own machine—no third-party services. - Interact with all calendars and events; list, create, delete with simple commands. - Requires Apple ID and app-specific password for secure access. - Handles scheduling, event lookup, and free-time search; batch operations not natively supported. - Secure: credentials only via environment, communicates directly with Apple servers.
Metadata
Slug icloud-caldav
Version 1.0.0
License
All-time Installs 3
Active Installs 3
Total Versions 1
Frequently Asked Questions

What is iCloud CalDav?

Direct iCloud Calendar integration via CalDAV protocol. Create, read, update, and delete calendar events without third-party services. Use when the user want... It is an AI Agent Skill for Claude Code / OpenClaw, with 1095 downloads so far.

How do I install iCloud CalDav?

Run "/install icloud-caldav" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is iCloud CalDav free?

Yes, iCloud CalDav is completely free (open-source). You can download, install and use it at no cost.

Which platforms does iCloud CalDav support?

iCloud CalDav is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created iCloud CalDav?

It is built and maintained by samuelhe52 (@samuelhe52); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments