Apple Notes

Security checks across malware telemetry and agentic risk

Overview

This skill transparently helps an agent work with Apple Notes on macOS, and its sensitive note access is disclosed and aligned with that purpose.

Install this only if you want an agent to operate on Apple Notes on macOS. Review any bulk organization plan, folder names, and destination mappings before execution, and require explicit confirmation before broad edits, moves, or deletes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger guidance includes generic phrases such as reading, creating, updating, organizing, and saving content that can match many ordinary user requests. This can cause unintended invocation of a skill that reads or modifies Apple Notes, increasing the chance of unnecessary access to sensitive note contents or accidental note changes when a narrower skill or plain reasoning would have been more appropriate.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The skill recommends specific Chinese folder names as preferred destinations without user opt-in, workspace detection, or locale justification. In context, this can lead to misfiling, confusing folder creation, and unauthorized organizational changes in a user's Notes environment, especially for users who do not use Chinese labels or already follow a different taxonomy.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal