← 返回 Skills 市场
iCloud CalDav
作者
samuelhe52
· GitHub ↗
· v1.0.0
1095
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install icloud-caldav
功能描述
Direct iCloud Calendar integration via CalDAV protocol. Create, read, update, and delete calendar events without third-party services. Use when the user want...
使用说明 (SKILL.md)
iCloud CalDAV — Direct Calendar Access
Manage iCloud Calendar directly via CalDAV protocol. No third-party services, no data leaves your machine except to Apple's servers.
When to Use
Activate when the user wants to:
- Check their calendar or upcoming events
- Create new calendar events
- Delete existing events
- List available calendars
Do NOT use for:
- Reminders (use
apple-remindersskill if available) - Contacts (CalDAV is calendar-only)
- Non-iCloud calendars (Google, Outlook, etc.)
Prerequisites
Required credentials:
APPLE_ID— Your Apple ID email addressAPPLE_APP_PASSWORD— An app-specific password (NOT your regular Apple ID password)
To generate app-specific password:
- Go to appleid.apple.com
- Sign in → Sign-In and Security → App-Specific Passwords
- Generate a new password
- Use this password (not your regular one)
Quick Start
# Set credentials
export APPLE_ID="[email protected]"
export APPLE_APP_PASSWORD="xxxx-xxxx-xxxx-xxxx"
# List calendars
./scripts/caldav.py list-calendars
# List events for next 7 days
./scripts/caldav.py list-events --days 7
# Create an event
./scripts/caldav.py create-event \
--title "Team Meeting" \
--start "2025-07-23T14:00:00" \
--duration 60 \
--calendar "Work"
Available Operations
| Operation | Command | Description |
|---|---|---|
| List calendars | list-calendars |
Show all iCloud calendars |
| List events | list-events |
Events in a date range |
| Create event | create-event |
Add new calendar event |
| Delete event | delete-event |
Remove event by filename or UID |
Workflow Patterns
Creating Events
# Basic event
./scripts/caldav.py create-event \
--title "Dentist Appointment" \
--start "2025-07-25T09:30:00" \
--duration 30
# With location and description
./scripts/caldav.py create-event \
--title "Project Review" \
--start "2025-07-26T14:00:00" \
--duration 60 \
--location "Conference Room B" \
--description "Q3 planning review" \
--calendar "Work"
# All-day event
./scripts/caldav.py create-event \
--title "Vacation" \
--start "2025-08-01" \
--all-day
Batch Operations
Note: CalDAV does not support native batch operations. To create multiple events, run the script multiple times:
# Create multiple events by running the command multiple times
./scripts/caldav.py create-event --title "Meeting 1" --start "2025-07-26T10:00:00" --duration 60
./scripts/caldav.py create-event --title "Meeting 2" --start "2025-07-26T14:00:00" --duration 60
./scripts/caldav.py create-event --title "Meeting 3" --start "2025-07-27T09:00:00" --duration 60
iCloud handles rapid sequential requests well, but there is no single API call for creating multiple events.
Deleting Events
# Delete by filename
./scripts/caldav.py delete-event \
--file "event-name.ics" \
--calendar "Calendar"
# Delete by UID (searches calendar for matching event)
./scripts/caldav.py delete-event \
--uid "[email protected]" \
--calendar "Calendar"
Warning: Deletions are permanent. iCloud may have its own backup, but standard CalDAV DELETE immediately removes the event.
Date/Time Formats
- ISO 8601:
2025-07-23T14:00:00(assumes local timezone if none specified) - With timezone:
2025-07-23T14:00:00+08:00 - All-day:
2025-07-23(date only)
Security Notes
- Credentials are read from environment variables only
- No credentials are logged or stored
- All communication is HTTPS to
caldav.icloud.com - App-specific passwords can be revoked anytime at appleid.apple.com
Error Handling
| Error | Cause | Solution |
|---|---|---|
| 401 Unauthorized | Bad credentials | Check APPLE_ID and APPLE_APP_PASSWORD |
| 404 Not Found | Calendar/event doesn't exist | List calendars/events first |
| 403 Forbidden | Read-only calendar | Try a different calendar |
| Timeout | Network issue | Retry the request |
References
- See
references/caldav-protocol.mdfor CalDAV implementation details - See
references/icloud-endpoints.mdfor iCloud-specific endpoints
安全使用建议
What to consider before installing:
- The SKILL.md and the included Python script expect two secrets: APPLE_ID and APPLE_APP_PASSWORD (app-specific password). The registry metadata incorrectly lists no required env vars — treat that as a warning sign and do not supply credentials until you are confident about the code.
- Inspect the full scripts/caldav.py file before use (or request it from the author). Confirm there are no hardcoded or alternative network endpoints, no logging of credentials, and no unexpected file writes or subprocess calls. SKILL.md claims communication is only to caldav.icloud.com; verify by searching the script for other hostnames or IP addresses.
- The package references references/icloud-endpoints.md but that file is missing. Ask the publisher for the missing reference and for a verifiable source/homepage or code repository and prefer packages with an identified, reputable maintainer.
- Run the tool in an isolated environment (sandbox or throwaway VM) the first time, and use a revocable app-specific password for testing. When finished, revoke the app-specific password at appleid.apple.com if you have any doubt.
- If the author can update the registry metadata to declare APPLE_APP_PASSWORD as the primaryEnv and include the missing reference file (and provide a public code repository / homepage), that would increase confidence. If you cannot verify the code or author, prefer official Apple methods or well-known open-source CalDAV clients.
功能分析
Type: OpenClaw Skill
Name: icloud-caldav
Version: 1.0.0
The skill bundle is generally well-behaved and aims to provide legitimate iCloud CalDAV functionality. However, the `scripts/caldav.py` file has a vulnerability in its `delete_event` function: the `filename` argument is directly appended to the calendar URL without sanitization for path traversal characters (e.g., `../`). While this targets the remote CalDAV server and relies on a server-side vulnerability for exploitation, it represents a lack of input sanitization in the client script itself, which could be exploited by a malicious prompt to the agent or a direct user input. Additionally, the manual ICS generation fallback in `create_event` hardcodes `TZID=Asia/Shanghai`, which is a functional bug but not a security vulnerability.
能力评估
Purpose & Capability
The name/description (iCloud CalDAV) matches the behavior in SKILL.md and the included Python script: basic CalDAV operations against Apple servers using an Apple ID and an app-specific password are expected. However the registry metadata lists no required environment variables or primary credential, which contradicts SKILL.md and the code that expect APPLE_ID and APPLE_APP_PASSWORD.
Instruction Scope
SKILL.md instructs the agent/user to set APPLE_ID and APPLE_APP_PASSWORD in environment variables and run scripts/caldav.py; that is within expected scope. But SKILL.md also references a file (references/icloud-endpoints.md) that is not present in the package, and the runtime claims (e.g., "no credentials are logged or stored" and "All communication is HTTPS to caldav.icloud.com") are assertions you should verify by inspecting the full script. The presence of a substantial script file means the skill is not purely instruction-only; the agent will execute code packaged with the skill, so the instructions alone are not the entire surface.
Install Mechanism
There is no install spec (low friction), but the included Python script depends on third-party libraries (requests, icalendar). The script prints installation hints rather than installing dependencies itself. No network downloads or archive extraction metadata were provided, which reduces install risk; still, the packaged script will be executed by the agent when invoked.
Credentials
The SKILL.md and script legitimately require APPLE_ID and APPLE_APP_PASSWORD (app-specific password) — these are proportional to CalDAV access. However, the registry metadata does not declare these required environment variables or a primary credential, which is an incoherence that prevents automated systems and users from knowing what secrets will be needed or requested. That mismatch increases the risk of accidental credential exposure or misconfiguration.
Persistence & Privilege
The skill does not request permanent inclusion (always:false) and does not claim to modify other skills or global agent settings. There is no install script writing to system locations in the metadata. That said, the code is executed at runtime and could, if malicious, make arbitrary network calls — but nothing in the visible code indicates it attempts to persist beyond its own execution context.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install icloud-caldav - 安装完成后,直接呼叫该 Skill 的名称或使用
/icloud-caldav触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: direct iCloud Calendar management via CalDAV.
- Create, read, update, and delete iCloud calendar events from your own machine—no third-party services.
- Interact with all calendars and events; list, create, delete with simple commands.
- Requires Apple ID and app-specific password for secure access.
- Handles scheduling, event lookup, and free-time search; batch operations not natively supported.
- Secure: credentials only via environment, communicates directly with Apple servers.
元数据
常见问题
iCloud CalDav 是什么?
Direct iCloud Calendar integration via CalDAV protocol. Create, read, update, and delete calendar events without third-party services. Use when the user want... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1095 次。
如何安装 iCloud CalDav?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install icloud-caldav」即可一键安装,无需额外配置。
iCloud CalDav 是免费的吗?
是的,iCloud CalDav 完全免费(开源免费),可自由下载、安装和使用。
iCloud CalDav 支持哪些平台?
iCloud CalDav 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 iCloud CalDav?
由 samuelhe52(@samuelhe52)开发并维护,当前版本 v1.0.0。
推荐 Skills