Foam Notes
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for managing a local Foam notes workspace, but it can scan and modify Markdown notes in the configured workspace.
This appears safe for its stated purpose if you want an agent to help manage a Foam Markdown workspace. Before installing, configure the Foam root to the correct folder, avoid running it on unrelated private directories, and review/backup notes before using auto-apply, rename, delete, or force options.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can create or change files in your notes workspace when its commands are used.
The helper script writes new Markdown files to the selected output directory. This is core to note creation, but it means the skill has local file mutation capability.
output_dir.mkdir(parents=True, exist_ok=True) ... filepath.write_text(content)
Set the Foam root and output directory deliberately, keep backups or version control for important notes, and use preview/dry-run modes where available before bulk changes.
Information from your local notes, such as titles, paths, links, and tags, may be surfaced in responses or command output.
The graph summary script recursively reads Markdown files under the Foam root to analyze links and note structure. This is expected for a Foam graph tool, but it can bring private note metadata/content-derived results into the agent session.
for md_file in foam_root.rglob("*.md"): ... content = md_file.read_text()Only run the skill against the intended Foam workspace, and avoid pointing it at directories containing unrelated or highly sensitive Markdown files.