Apple Notes Updater

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it can overwrite Apple Notes directly and has an input-handling flaw that could run unintended AppleScript if a crafted note title is used.

Review before installing or using. Only use note titles and content you control, test on a disposable note first, and assume the existing body will be replaced. The script should be fixed to pass or escape the title safely and should ideally add confirmation, dry-run, or backup behavior before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly enables non-interactive modification of Apple Notes content, but the description and usage guidance do not clearly warn users that it can overwrite note contents automatically. In an agent setting, this increases the risk of unintended destructive actions, silent content tampering, or user surprise because the capability is powerful and targets personal data in Notes.

VirusTotal

63/63 vendors flagged this skill as clean.
