Apple Notes Extractor
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill broadly extracts Apple Notes as advertised, but it also documents persistent automation, external-sharing workflows, and an unpinned runtime dependency that need careful review.
Install only if you intentionally want broad Apple Notes extraction. Before running full extraction or monitoring, review whether it will download third-party parser code, decide exactly which folders or outputs are allowed, avoid optional external integrations unless you understand where your notes will go, and disable any daemon or cron automation you do not need.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running full or automatic extraction may execute third-party code that was not included in the reviewed skill package.
Full extraction can fetch an unpinned external repository and install Ruby dependencies at runtime before executing the parser.
subprocess.run(["git", "clone", "https://github.com/threeplanetssoftware/apple_cloud_notes_parser.git"], ...) subprocess.run(["bundle", "install"], ...)
Vendor or pin the parser to a reviewed commit, declare git/ruby/bundle requirements, and require explicit user approval before downloading or executing external code.
Private notes could be copied into long-term agent memory and reused in later tasks without clear per-note review, retention, or deletion controls.
The automation guidance shows Apple Notes bodies being selected and fed into a persistent MEMORY.md-style workflow.
# Extract insights from notes for MEMORY.md
significant_notes = [
note for note in notes
if any(keyword in note['body'].lower()Make memory ingestion explicitly opt-in, allow folder-level scoping and preview, redact sensitive content, and document retention and deletion controls.
A user may believe notes stay local while following official integration examples that upload note content to third-party services or remote backups.
The integration guide includes examples that send or back up extracted note contents to external services, which conflicts with the skill's local-only privacy framing.
response = openai.ChatCompletion.create(... "content": f"Summarize this note in one sentence: {note['body'][:500]}" ...)
...
git push origin main
rsync -av . user@backup-server:/backups/apple-notes/Clearly separate local-only operation from optional external integrations, add warnings before any upload, and require explicit destination and data-scope confirmation.
The skill could continue monitoring and exporting private notes on a schedule if the user or agent follows these instructions.
The documentation presents recurring extraction and monitoring as active automation, not merely a manual one-time export.
Automated Workflows Active Daily (6:00 AM): - Extract all notes ... Real-time (Every 30 minutes, 9 AM - 5 PM): - Monitor for new or modified notes ... No further setup required - the system is operational and integrated!
Require explicit opt-in for daemon or cron behavior, show current automation status, and provide clear disable and cleanup instructions.
Granting these permissions lets the terminal or Python process access Apple Notes and, with Full Disk Access, potentially much more local data.
The skill requires sensitive macOS permissions to access Notes; this is purpose-aligned but grants broad local authority.
Enable your terminal app to control "Notes" ... Full Disk Access Add your terminal app or Python executable
Grant only the minimum permission needed, use a trusted terminal/Python environment, and revoke access after extraction if ongoing monitoring is not required.