v1.1.3

Notes (Local, Apple, Notion, Obsidian & more)

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

The skill is a transparent note-taking helper, but optional integrations can read and write your notes through local files, app CLIs, and service credentials.

Guidance: This skill appears coherent for note-taking. Before installing, decide whether you want it limited to local ~/notes/ files or connected to external apps. If you enable Notion, Evernote, Bear, Apple Notes, or Obsidian, review the configured credentials, shared pages or vaults, and require confirmation before destructive edits or deletions.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
obsidian.md
obsidian-cli delete "path/note"

The platform reference documents destructive note operations. They are purpose-aligned examples, not hidden or automatic behavior.

User impact: If deletion commands are used carelessly, notes in an external vault or app could be removed.
Recommendation: Require explicit user confirmation before edit, move, or delete operations, and keep backups or version history for important notes.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
bear.md
go install github.com/tylerwince/grizzly/cmd/grizzly@latest

Optional setup instructions install a third-party CLI at the latest version. This is user-directed and not automatic, but the dependency is unpinned.

User impact: Installing optional CLIs gives those tools their own local/app access and may introduce dependency risk.
Recommendation: Install optional CLIs only from trusted sources, consider pinning versions where possible, and review each tool’s permissions before use.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
notion.md
NOTION_KEY=$(cat ~/.config/notion/api_key)

The Notion integration reads a local API key and uses it for authenticated Notion API requests. This is expected for the integration and is described as user-configured.

User impact: If enabled, the agent can use the configured Notion integration to access and modify Notion pages or databases shared with that integration.
Recommendation: Use a dedicated Notion integration with access only to intended pages, keep the key protected, and confirm which note types route to Notion.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
notion.md
- Data leaves machine (sent to Notion API)

The artifact explicitly discloses that Notion routing sends note data to an external provider API.

User impact: Notes routed to cloud platforms may leave the local machine and be stored or processed by those providers.
Recommendation: Enable cloud routing only for content you are comfortable sending to that service, and keep sensitive journals or private notes routed locally if desired.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
memory-template.md
*Synced from all platforms. Action items always tracked here regardless of note location.*

The skill maintains persistent local memory and action tracking across configured note platforms.

User impact: Meeting details, people, tags, and action items can persist in ~/notes/ and be reused in later searches or summaries.
Recommendation: Review ~/notes/config.md and ~/notes/actions.md periodically, avoid storing highly sensitive content if not needed, and delete or edit retained notes when appropriate.