v1.0.0

apple-notes-writer

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:35 AM.

Analysis

The skill matches its Apple Notes purpose, but needs review because it can read/modify iCloud Notes and builds AppleScript commands from insufficiently escaped folder/account inputs.

Guidance: Use this only on macOS if you are comfortable with an agent automating Apple Notes. Before installing, consider fixing the AppleScript escaping issue, and when using it, verify the exact title, folder, content, and update mode so important notes are not overwritten.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Concern
scripts/apple_notes.py
parser.add_argument('--folder', default='Notes', help='Target folder') ... set targetFolder to folder "{folder}" of targetAccount ... subprocess.run(['osascript', '-e', script], ...)

The folder value is exposed as a CLI/API parameter, interpolated directly into an AppleScript string, and then executed with osascript. Unlike title/body, folder/account fields are not passed through _escape_for_applescript.

User impact: A crafted or untrusted folder/account value could make the agent run unintended AppleScript or operate on an unintended Notes scope.
Recommendation: Escape every AppleScript string parameter, including account, folder, and folder names in return strings; validate folder/account names against known values; and require explicit confirmation before executing osascript for writes or updates.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none; OS restriction: none; Required binaries: none; Install specifications: No install spec

The registry metadata does not declare the macOS/Apple Notes/osascript runtime expectations, even though the skill documentation and implementation rely on them.

User impact: The installer or user may not receive clear compatibility and runtime-authority warnings before enabling the skill.
Recommendation: Declare macOS-only compatibility and required local automation dependencies, and provide a verifiable source/homepage if available.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
scripts/apple_notes.py
def __init__(self, account: str = "iCloud") ... set body of targetNote to noteBody ... return body of targetNote

The skill uses the locally signed-in iCloud Notes account to write/update notes and to read note bodies. This is expected for an Apple Notes writer, but it is sensitive account access.

User impact: The agent can see note contents it reads and can overwrite existing notes when update mode is used.
Recommendation: Install only if you are comfortable granting Apple Notes automation access. Confirm the target account, folder, title, and content before read/update actions, and avoid using update mode without a backup for important notes.