← 返回 Skills 市场

Apple Cal Anywhere

Name: Apple Cal Anywhere
Author: xushen-ma

作者 Xushen · GitHub ↗ · v1.3.1 · MIT-0

cross-platform ✓ 安全检测通过

364

总下载

当前安装

版本数

在 OpenClaw 中安装

/install apple-cal-anywhere

功能描述

Your Apple Calendar, on any platform. iCloud Calendar skill via CalDAV (RFC 4791) — works on macOS/Linux, and Windows with env/keyring auth. Supports event C...

使用说明 (SKILL.md)

apple-cal-anywhere

Advanced Apple Calendar integration using CalDAV (RFC 4791) and Managed Attachments (RFC 8607).

Primary CLI

scripts/applecal.py

Capabilities

Event CRUD: List, Create, Update, Delete.
Multi-Calendar Support: Query multiple calendars in a single command.
True Attachments: RFC 8607 compatible (works on iPhone/iPad).
Free/Busy: CalDAV scheduling lookup with event-derived fallback.

Common Commands

List Events (Combined)

Check multiple calendars at once:

python3 scripts/applecal.py events list \
  --apple-id [email protected] \
  --calendar Family \
  --calendar Work \
  --from "2026-02-26T00:00:00Z" \
  --to "2026-02-26T23:59:59Z"

Create All-Day Event

python3 scripts/applecal.py events create \
  --apple-id [email protected] \
  --calendar Family \
  --summary "Birthday" \
  --start "2026-02-26" \
  --end "2026-02-26" \
  --all-day

Attach a File (iPhone Safe)

python3 scripts/applecal.py attach add \
  --apple-id [email protected] \
  --calendar Family \
  --uid \x3CUID> \
  --file /path/to/document.pdf

Free/Busy Check

python3 scripts/applecal.py freebusy \
  --apple-id [email protected] \
  --calendar Family \
  --from "2026-02-26T00:00:00Z" \
  --to "2026-02-26T23:59:59Z"

Notes

Birthdays: The virtual "Birthdays" calendar is not searchable via CalDAV. Key birthdays should be added as physical recurring events in the Family calendar for agent visibility.
Auth: Resolution order is APPLECAL_PASSWORD → Python keyring (if installed/configured) → macOS Keychain fallback. Run doctor to verify connectivity.
Event update clearing: Use events update --clear-location / --clear-description to explicitly remove optional fields.
Attachment safety: attach add blocks sensitive paths/names, allowlists file extensions, and supports optional directory scoping via APPLECAL_ATTACH_DIR.
Apple ID: Always pass --apple-id [email protected] (the iCloud account email, not necessarily your Apple ID login).

安全使用建议

This skill appears to do what it says: connect to iCloud CalDAV and manage events and attachments. Before installing, consider: 1) You must provide an app-specific Apple password (APPLECAL_PASSWORD) or store it in your keyring/Keychain — prefer keyring or macOS Keychain over putting secrets in shell profiles if you are on a shared machine or CI. 2) The attach/add command uploads files from your machine to iCloud; by default the script enforces an extension allowlist and blocks common sensitive paths/names, and you can further restrict uploads by setting APPLECAL_ATTACH_DIR to a specific folder. Review the attachment allowlist and sensitive-path patterns in scripts/applecal.py to ensure they match your expectations. 3) The tool invokes the macOS 'security' command when falling back to Keychain — this is expected for macOS credential retrieval. 4) The code is bundled in the skill; if you distrust the source, inspect scripts/applecal.py in full before running. 5) Run the provided 'doctor' and tests in an isolated environment (or sandbox) first, and avoid placing the app-specific password in shared CI environments. Overall the skill is coherent with its purpose; the remaining risks are operational (credential handling and file uploads), not indicators of misdirection.

功能分析

Type: OpenClaw Skill Name: apple-cal-anywhere Version: 1.3.1 The apple-cal-anywhere skill is a legitimate tool for managing iCloud calendars via CalDAV. The primary script, scripts/applecal.py, implements significant security guardrails for its file attachment feature, including an extension allowlist and blocklists for sensitive directories (e.g., .ssh, .aws) and filenames (e.g., .env, id_rsa). Authentication is handled through standard, secure methods such as environment variables, the Python keyring library, or the macOS Keychain.

能力评估

✓ Purpose & Capability

Name/description, CLI, and code all implement CalDAV calendar operations and managed attachments. Requested binary (python3) and required environment variable (APPLECAL_PASSWORD) are expected and necessary for iCloud CalDAV access.

ℹ Instruction Scope

Runtime instructions and code read APPLECAL_PASSWORD (or keyring/macOS Keychain) and connect to caldav.icloud.com; they also allow uploading local files as RFC-8607 managed attachments. Attachment handling includes extension allowlist and sensitive-path/name blocking, and an optional APPLECAL_ATTACH_DIR scoping feature. Note: the skill will read local files only when you explicitly use attach commands; otherwise it performs normal calendar API operations. There is a minor code-quality oddity in the truncated source (a likely erroneous 'return r' near keychain handling) — this looks like a bug, not malicious behavior, but you may want to inspect the full file.

✓ Install Mechanism

No install spec is provided (instruction-only install), and the code expects only standard Python plus the 'requests' library (and optional 'keyring'). This is low-risk compared with arbitrary remote downloads. The README instructs pip install requests (and optional keyring).

✓ Credentials

Only APPLECAL_PASSWORD is declared and used as the primary credential. The skill optionally consults local keyring or macOS Keychain as documented. No unrelated credentials, cloud provider keys, or broad system config paths are requested.

✓ Persistence & Privilege

The skill is not always-enabled, does not request persistent system-level privileges in metadata, and does not declare writes to other skills or system configuration. It uses local keyring/keychain only for credential retrieval, which is appropriate for its purpose.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install apple-cal-anywhere
安装完成后，直接呼叫该 Skill 的名称或使用 /apple-cal-anywhere 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.3.1

Fix recurring event expansion in event listing; fix TZID parsing for recurring event instances; add regression tests for recurrence listing behavior.

v1.3.0

apple-cal-anywhere 1.3.0 - Adds support for managed attachments (RFC 8607), compatible with iPhone and iPad. - Enables querying multiple calendars in a single command for event listing. - Introduces free/busy lookup with event-derived fallback. - Enhances event update with options to explicitly clear location or description fields. - Improves attachment safety with allowlisted file extensions, sensitive path blocking, and optional directory scoping via APPLECAL_ATTACH_DIR. - Expands authentication fallback order and clarifies use of the APPLECAL_PASSWORD environment variable.

元数据

Slug apple-cal-anywhere

版本 1.3.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题