← 返回 Skills 市场

Icloud Calendar Skill

Name: Icloud Calendar Skill
Author: teenlucifer

作者 Jintao Wang · GitHub ↗ · v0.1.0

cross-platform ⚠ suspicious

453

总下载

当前安装

版本数

在 OpenClaw 中安装

/install icloud-calendar

功能描述

Add events to iCloud Calendar via CalDAV. Syncs to iPhone automatically with alarm reminders.

使用说明 (SKILL.md)

iCloud Calendar

Add events to iCloud Calendar via CalDAV. Automatically syncs to iPhone with alarm reminders.

Features

✅ Add events to iCloud Calendar
✅ iPhone push notifications via calendar alerts
✅ Customizable reminder times (default 15 min + 5 min)
✅ Works with any iCloud account
✅ Credentials stored in local .env file

Setup

1. Get iCloud App Specific Password

Go to appleid.apple.com
Sign in → "Sign-In and Security"
Click "App-Specific Passwords" → "+"
Create a new password and save it

2. Configure Credentials

cp secrets/.env.example secrets/.env
# Edit secrets/.env with your credentials

Or set environment variables directly:

export ICLOUD_EMAIL="[email protected]"
export ICLOUD_PASSWORD="your-app-specific-password"

Usage

python3 scripts/add_event.py "Event Title" "YYYY-MM-DDTHH:MM:SS" "YYYY-MM-DDTHH:MM:SS" "Description"

Examples

# Add a simple event
python3 scripts/add_event.py "团队会议" "2026-03-10T14:00:00" "2026-03-10T15:00:00" "讨论项目进度"

# Add event with default 1 hour duration
python3 scripts/add_event.py "医生预约" "2026-03-15T09:00:00"

Security & Privacy

Credentials: Stored locally in secrets/.env (gitignored, never committed)
Data in transit: Credentials sent only to Apple's iCloud CalDAV servers
No external services: Only communicates with caldav.icloud.com
User control: Users must provide their own iCloud credentials

External Endpoints

Endpoint	Data Sent	Purpose
`https://caldav.icloud.com`	iCloud email + App-Specific Password (Base64 auth), Event data (.ics)	Create calendar events

Trust Statement

This skill sends your iCloud credentials to Apple's iCloud servers to create calendar events. Only install if you trust Apple with your iCloud account. The skill does not store or exfiltrate any data beyond direct communication with iCloud.

Technical Details

Uses iCloud CalDAV API (PROPFIND + PUT methods)
Calendar path format: /\x3Cuser_id>/calendars/home/
Creates iCalendar (.ics) events with VALARM reminders
Supports multiple alarm triggers

License

MIT License

安全使用建议

This skill largely does what it claims (creates iCloud calendar events), but there are a few red flags to check before installing/use: - Review the script before running. The script hardcodes CALENDAR_HOME instead of performing the claimed auto-discovery; this is a mismatch between docs and implementation and could cause failures or unexpected calendar selection. - Confirm the script only contacts https://caldav.icloud.com (it does), and that no other network endpoints are added in your copy. You can monitor network calls when first running it. - Do NOT hardcode your real iCloud credentials into the script. Use an app-specific password and store it in a local, gitignored secrets/.env as the SKILL.md suggests. - Verify the repository origin and consider cloning from the declared homepage (or your own vetted source). The source listed (GitHub link) should be inspected to ensure it hasn’t been tampered with. - The provided script is missing some imports and has simplified parsing; expect to test it in a safe environment first (e.g., throwaway iCloud account or network sandbox) and review/fix the code as needed. If you want to proceed: inspect and (if necessary) fix the script to implement proper CalDAV discovery (PROPFIND), confirm credentials handling is safe (gitignored secrets folder), and run initial tests with an app-specific password on an account you trust. If you’re not comfortable reviewing Python code, do not install or run it with your primary iCloud credentials.

功能分析

Type: OpenClaw Skill Name: icloud-calendar Version: 0.1.0 The skill is classified as suspicious due to the inclusion of a hardcoded iCloud internal ID (DSID '8132224793') in the CALENDAR_HOME path and a lack of input sanitization when constructing the iCalendar (.ics) payload in scripts/add_event.py, which could allow for injection attacks. Furthermore, the script is functionally broken as it attempts to use several modules (uuid, base64, urllib.request, and datetime) without importing them at the file level, which is highly irregular for a published skill. While no evidence of data exfiltration to third-party domains was found (it only communicates with caldav.icloud.com), the combination of hardcoded identifiers and poor code quality poses a security risk.

能力评估

✓ Purpose & Capability

Name/description, required binaries (python3), and required env vars (ICLOUD_EMAIL, ICLOUD_PASSWORD) match the declared purpose (CalDAV access to iCloud). Requesting an iCloud email and app-specific password is proportionate for a calendar-creation tool.

⚠ Instruction Scope

SKILL.md and README claim an auto-discovery feature for the calendar home path, but the included script hardcodes CALENDAR_HOME = "/8132224793/calendars/home/" rather than performing a PROPFIND discovery. The script reads credentials from secrets/.env (which is declared) — that's expected — but the README also suggests editing credentials directly in the script (bad practice). The documentation states it only talks to caldav.icloud.com and the code uses that URL, which is consistent, but the implementation is misleading about discovery and may not work as advertised.

✓ Install Mechanism

No install spec (instruction-only plus a small script). Nothing is downloaded from untrusted URLs and no install-time code will be executed by a package manager. This is a lower-risk install model, but local script execution still requires review.

ℹ Credentials

Only ICLOUD_EMAIL and ICLOUD_PASSWORD are required, which is appropriate. The skill encourages storing credentials in secrets/.env (local). That is proportionate, but users should ensure the secrets folder is actually gitignored and avoid hardcoding credentials into scripts as suggested in README.

✓ Persistence & Privilege

always is false and the skill does not request system-wide config changes or modify other skills. It only reads a local secrets file and uses network calls to Apple's CalDAV endpoint.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install icloud-calendar
安装完成后，直接呼叫该 Skill 的名称或使用 /icloud-calendar 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

Initial release – add iCloud Calendar event support via CalDAV. - Add events directly to iCloud Calendar; syncs with iPhone automatically. - Supports customizable alarm reminders (default 15 and 5 minutes before). - Stores credentials locally in a .env file or via environment variables. - Only communicates with Apple's official CalDAV endpoint. - Provides clear setup steps and usage examples for adding events.

元数据

Slug icloud-calendar

版本 0.1.0

许可证 —

累计安装 3

当前安装数 3

历史版本数 1

常见问题