Is ashtonau/pear-icloud safe?

https://github.com/openclaw/skills/tree/main/skills/ashtonau/pear-icloud

100
SAFE

This is a legitimate iCloud integration skill that provides calendar, reminders, and contacts management through documented CalDAV/CardDAV protocols via the Pear service. The skill contains only documentation files with no executable code, demonstrates no malicious behavior, and includes appropriate safety guidelines for destructive operations.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (1)

INFO Third-party service dependency -5

The skill requires users to trust the Pear MCP service (pearmcp.com) with their iCloud credentials via app-specific passwords. While this is clearly documented and uses standard CalDAV/CardDAV protocols, it introduces a dependency on an external service.