Skill v1.0.0
VirusTotal security
Apple Notes Extractor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 3:53 AM
- Hash: f7ab8397b19c40c26f66eec861b25a82682efd468783ff3367a37646d6345b91
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: apple-notes-extractor. Version: 1.0.0. The skill is classified as suspicious due to several risky capabilities, even though its stated purpose (Apple Notes extraction) appears benign. Key indicators include:
  1) Extensive use of `subprocess.run` to execute `osascript` and `ruby` commands in `scripts/extract-notes.py` and `scripts/monitor-notes.py`, which, while necessary for its function, presents a significant attack surface for shell/AppleScript injection if not perfectly sanitized (though no direct unsanitized user input is evident).
  2) The `scripts/setup.sh` and `scripts/extract-notes.py` clone an external Ruby parser (`https://github.com/threeplanetssoftware/apple_cloud_notes_parser.git`) via `git clone`, introducing a supply chain risk if the upstream repository were compromised.
  3) The `scripts/monitor-notes.py` includes a configurable `webhook_url` for notifications, which, if enabled and set to a malicious endpoint by a user or a prompt-injected agent, could lead to data exfiltration, although it is disabled by default in `configs/monitor.json`.

  While the documentation (`AUTOMATION_INTEGRATION.md`, `INTEGRATION.md`) contains examples of potentially risky commands (e.g., `git push`, `requests.post` to external APIs), these are presented as integration instructions for the user/agent to configure, not as direct malicious commands for the skill to execute by default.
