v1.0.1

Apple Notes

ClawScan verdict for this skill: Benign. Analyzed May 1, 2026, 7:32 AM.

Analysis

This is a coherent Apple Notes helper, but it can read, edit, delete, and export your notes once you grant macOS Notes automation access.

Guidance: Install this only if you want Clawdbot to manage your Apple Notes. Verify the memo CLI source, grant Notes automation access only when needed, and be careful with requests that delete, export, or reveal sensitive notes.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Create, view, edit, delete, search, move notes between folders, and export to HTML/Markdown.

The skill exposes note mutation and deletion operations. These are disclosed and purpose-aligned, but they can change or remove user data.

User impact: If invoked, the agent can help modify, move, export, or delete Apple Notes content.
Recommendation: Use the skill only for intentional Notes management and review interactive delete, move, and export selections carefully.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: Medium; Status: Note
SKILL.md
Install (Homebrew): `brew tap antoniorodr/memo && brew install antoniorodr/memo/memo`

The skill depends on an external Homebrew tap/formula for the memo CLI. This is disclosed and expected for a CLI wrapper, but it is still an upstream dependency to trust.

User impact: Installing the skill requires installing and trusting the external memo command-line tool.
Recommendation: Verify the memo Homebrew formula and homepage before installing, especially because the skill itself does not bundle the CLI code.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
macOS-only; if prompted, grant Automation access to Notes.app.

Granting Automation access allows the CLI used by the agent to control Notes.app under the user's local account.

User impact: The agent may operate on Apple Notes data available to the signed-in macOS user.
Recommendation: Grant Automation access only if you trust the memo CLI and revoke the permission in macOS settings when it is no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: Medium; Status: Note
SKILL.md
View Notes - List all notes: `memo notes` ... Search notes (fuzzy): `memo notes -s "query"`

Viewing or searching persistent notes can bring private or untrusted note text into the agent's working context.

User impact: Private note content may be displayed to or used by the agent during requested tasks.
Recommendation: Avoid asking the agent to open or search sensitive notes unless you are comfortable exposing that content in the session.