Back to skill

Security audit

Notesctl

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local Apple Notes helper whose sensitive access is expected for its stated purpose and not paired with exfiltration, persistence, or hidden behavior.

Install only if you are comfortable granting a local helper access to your Apple Notes. Review the bundled scripts and the memo CLI you use, avoid exporting sensitive notes unnecessarily, and expect macOS automation permission prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The skill description promises deterministic local scripts, but the documented behavior also relies on the external `memo` tool and includes interactive editing/export flows that are less deterministic and less auditable. This mismatch can cause an agent or reviewer to trust the skill under incorrect assumptions, increasing the chance of unintended data exposure, unsafe invocation patterns, or execution of behaviors outside the reviewed scope.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.