Security audit

Apple Notes

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Apple Notes management skill, with the main caution that note deletion should be confirmed because it can remove user data.

Install only if you want the agent to manage your local Apple Notes. Before deleting a note, ask the agent to show or list the exact target first and require an explicit confirmation such as the note title and folder. Avoid using it on highly sensitive notes unless you are comfortable with the agent reading their contents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly documents a delete operation for Apple Notes but does not warn users that it removes data and may be irreversible. In an agent-driven context, omission of a destructive-action warning increases the chance of accidental data loss, especially because notes may contain important personal or business information and the operation is presented as a normal management action.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal