Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Apple Notes Extractor
v1.0.0
Extract and monitor Apple Notes content for workflow integration. Supports bulk extraction, real-time monitoring, and export to various formats.
⭐ 0· 732·2 current·2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description promise local, privacy-first extraction and monitoring of Apple Notes, which fits the included extraction and monitor scripts (osascript + Python). However the bundle also includes code and docs that enable remote integrations (Notion migration, Elasticsearch indexing, rsync to remote backup servers, webhook handlers, and a Flask API server that serves extracted notes). Those networking/integration capabilities are not reflected in the skill metadata (no required env vars declared) and contradict the 'no data sent to external services' claim in SKILL.md/README — this is an incoherence worth flagging.
Instruction Scope
SKILL.md instructs running setup.sh and the extraction/monitoring scripts (expected). But documentation and automation files also push cron jobs, root-level helper scripts, an API server (api-server.py) exposing notes, and a webhook handler (webhook-handler.py). SKILL.md and other docs repeatedly claim 'all processing happens locally' while the code contains explicit network I/O (requests to external APIs, rsync to user@backup-server, git clone, remote indexing). The instructions do not clearly call out these network features or recommend secure configuration (authentication, firewall).
Install Mechanism
There is no formal install spec (instruction-only), which limits automatic disk writes. However the code includes runtime installation behavior: install_ruby_parser() will git-clone an external GitHub repo and run bundle install if the Ruby parser is needed. setup.sh is present (not shown) and may perform additional setup. Pulling code at runtime from external repos is common for optional components but increases risk — review setup.sh and the git target before running.
Credentials
Metadata declares no required environment variables or credentials, but multiple files contain examples or hardcoded placeholders that expect secrets/credentials (NOTION_TOKEN, DATABASE_ID, WEBHOOK_SECRET, remote rsync user). The skill will operate without env vars for local extraction, but the presence of networked integrations requiring secrets (and not declared up front) is a mismatch and could lead users to accidentally supply credentials in insecure ways or enable exfiltration-capable features unknowingly.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. That said, the repo contains many example automation/cron entries and statements (AUTOMATION_INTEGRATION.md, INTEGRATION_CHECKLIST.md) that claim the system will be added to daily automation and begin extracting automatically. Those changes are only performed if a user or their scripts install them, but the documentation is written as if it has already integrated itself — be cautious and verify any cron or startup changes in setup.sh and any helper scripts before enabling them.
What to consider before installing
What to check before installing or running this skill:
- Review setup.sh before running: it may create cron jobs or modify your environment. Do not run it blindly; inspect it in a text editor or run it in a sandbox/VM first.
- Search the repository for network- and auth-related files: api-server.py (starts a Flask app, debug=True, no auth), webhook-handler.py (uses a webhook secret placeholder), migration scripts (Notion/Elasticsearch), and any rsync/ssh examples. Treat these as optional features that must be manually enabled and secured.
- If you plan to use the API/webhook features: require strong authentication, disable Flask debug mode, bind the server to localhost only or put behind an authenticated reverse proxy, and add access controls. Do not expose the API to the public internet without TLS and auth.
- The skill claims 'no data sent to external services' but includes explicit code to send data externally; assume the capability exists and only enable those workflows intentionally. Check configs/workflows.json and configs/monitor.json — set auto_export and webhooks to null/disabled if you want strictly local operation.
- Remove or replace hardcoded placeholder secrets and do not commit real tokens. Provide credentials via secure environment mechanisms only if you understand the downstream integrations.
- If you want to be extra safe, run the tool in an isolated environment (VM/container) and test with dummy notes before trusting it with your real Notes data.
If you want, I can: (1) scan specific files such as setup.sh, api-server.py, and webhook-handler.py and summarize exact lines that enable network/exfil behavior; (2) suggest minimal config edits to run in a strictly-local, non-networked mode.
Like a lobster shell, security has layers — review code before you run it.
latestvk97bvqdw4n0bka4a1r636xhrq18138j8
Runtime requirements
📝 Clawdis
Bins: python3, osascript
