OpenClaw with Apple

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The instructions in SKILL.md and TUTORIAL.md explicitly direct the AI to ask users for their Apple ID email and primary password in the chat. This practice is inherently unsafe as it exposes primary account credentials to the AI's conversation history and potential data retention logs.
  • [PROMPT_INJECTION]: The SKILL.md file contains 'Iron Rules' (铁律) that command the AI to prioritize tool execution over safety checks or user clarification. It instructs the agent to 'immediately run the command' without asking questions or seeking confirmation, which effectively overrides standard AI safety protocols regarding user intent verification.
  • [COMMAND_EXECUTION]: The script scripts/setup_tasks_cron.py utilizes subprocess.run to interact with the macOS launchctl system service. It programmatically creates and loads a .plist file to establish persistence on the host machine. Other scripts like icloud_tool.py and status_wall.py also use subprocess calls to execute secondary Python scripts.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of several third-party libraries via pip, including pyicloud, caldav, and icalendar. While these are well-known libraries, they are used here to handle highly sensitive iCloud authentication tokens and personal data.
  • [DATA_EXPOSURE]: As noted in SECURITY.md, credentials provided in the chat are stored in the conversation history. Furthermore, scripts/icloud_auth.py and scripts/icloud_tool.py cache session tokens and cookies in the local directory ~/.pyicloud/ to enable long-term access without re-authentication.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 21, 2026, 03:58 AM