Back to skill

Security audit

Apple Notes.Old

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Apple Notes helper, but it can read and change notes when you ask it to.

Install only if you are comfortable giving the memo CLI and your agent access to Apple Notes. Review selected notes carefully before edit, move, delete, or export actions, and revoke macOS Automation permission if you no longer use the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill explicitly supports destructive operations such as deleting and moving notes, but it does not warn users that these actions can permanently alter personal data. In the context of Apple Notes, this is sensitive user content, so omission of clear cautions and confirmation guidance increases the risk of accidental data loss or unintended modification.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs users to grant Automation access to Notes.app without clearly disclosing that this can expose the contents and metadata of personal notes to the CLI and any automation using it. Because Apple Notes often contains sensitive personal or business information, failing to explain the privacy implications can lead users to grant broad access without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.