Notes (Local, Apple, Notion, Obsidian & more)
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a transparent note-taking helper, but optional integrations can read and write your notes through local files, app CLIs, and service credentials.
This skill appears coherent for note-taking. Before installing, decide whether you want it limited to local ~/notes/ files or connected to external apps. If you enable Notion, Evernote, Bear, Apple Notes, or Obsidian, review the configured credentials, shared pages or vaults, and require confirmation before destructive edits or deletions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent can use the configured Notion integration to access and modify Notion pages or databases shared with that integration.
The Notion integration reads a local API key and uses it for authenticated Notion API requests. This is expected for the integration and is described as user-configured.
NOTION_KEY=$(cat ~/.config/notion/api_key)
Use a dedicated Notion integration with access only to intended pages, keep the key protected, and confirm which note types route to Notion.
Notes routed to cloud platforms may leave the local machine and be stored or processed by those providers.
The artifact explicitly discloses that Notion routing sends note data to an external provider API.
- Data leaves machine (sent to Notion API)
Enable cloud routing only for content you are comfortable sending to that service, and keep sensitive journals or private notes routed locally if desired.
Meeting details, people, tags, and action items can persist in ~/notes/ and be reused in later searches or summaries.
The skill maintains persistent local memory and action tracking across configured note platforms.
*Synced from all platforms. Action items always tracked here regardless of note location.*
Review ~/notes/config.md and ~/notes/actions.md periodically, avoid storing highly sensitive content if not needed, and delete or edit retained notes when appropriate.
If deletion commands are used carelessly, notes in an external vault or app could be removed.
The platform reference documents destructive note operations. They are purpose-aligned examples, not hidden or automatic behavior.
obsidian-cli delete "path/note"
Require explicit user confirmation before edit, move, or delete operations, and keep backups or version history for important notes.
Installing optional CLIs gives those tools their own local/app access and may introduce dependency risk.
Optional setup instructions install a third-party CLI at the latest version. This is user-directed and not automatic, but the dependency is unpinned.
go install github.com/tylerwince/grizzly/cmd/grizzly@latest
Install optional CLIs only from trusted sources, consider pinning versions where possible, and review each tool’s permissions before use.