The Agent Skills Directory

[PROMPT_INJECTION]: The SKILL.md file contains 'Iron Rules' (铁律) that explicitly instruct the AI agent to bypass standard conversational confirmations and execute commands immediately upon detecting task-related keywords. This overrides typical safety and helpfulness behaviors by forcing immediate execution and prohibiting clarification questions.
[CREDENTIALS_UNSAFE]: The skill instructs the user to provide their primary Apple ID email and main password to the AI. The scripts then store these credentials in environment variables (ICLOUD_PASSWORD) to facilitate non-interactive login via the pyicloud library. Handling primary account passwords in plain-text environment variables is a high-risk security practice.
[COMMAND_EXECUTION]: Multiple scripts, including setup_tasks_cron.py, icloud_tool.py, and status_wall.py, use the subprocess module to dynamically execute other Python scripts and system utilities like launchctl for task scheduling and status monitoring.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of external dependencies (pyicloud, caldav, icalendar) from the official Python Package Index (PyPI). It also references official Apple icloud.com URLs for iOS Shortcut imports, which are considered well-known and safe sources.

OpenClaw with Apple