Apple Reminders (remindctl)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Apple Reminders helper, but it relies on an external CLI and can change iCloud-synced reminders, with limited optional persistence into Open Brain.
This skill appears purpose-aligned and not malicious. Before installing, make sure you trust the external remindctl Homebrew tool, are comfortable granting macOS Reminders Automation access, and understand that reminder changes sync through iCloud and selected durable context may be stored in Open Brain.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can add, edit, or complete reminders through the CLI without a second terminal confirmation.
The skill intentionally runs reminder commands without interactive CLI prompts. This is purpose-aligned for an agent helper, and the file includes limiting rules such as no deletes, but users should understand that write actions can be applied directly.
Always pass `--no-input` to ensure non-interactive execution.
Use the skill for explicit reminder-management tasks and review the agent's summary of completed changes.
Reminder changes can appear across the user's iPhone, Watch, Mac, and other Apple devices.
The skill needs Apple Reminders Automation authority and operates on iCloud-synced reminder data. This is expected for the stated purpose, but it is account/device-affecting access.
Requires macOS Reminders Automation permission (granted) ... All operations target the user's iCloud Reminders
Install only if you want this agent to manage your Apple Reminders, and revoke macOS Automation permission if you no longer want that access.
The scan can review the skill instructions, but not the external remindctl binary installed from Homebrew.
The operational behavior depends on an external Homebrew-installed CLI that is not included in the scanned skill package. This is coherent with the skill purpose, but users must separately trust that tool and tap.
`remindctl` is installed via Homebrew: `brew install steipete/tap/remindctl`
Verify the Homebrew tap and remindctl project before installing or authorizing it.
Some reminder-related information, potentially including health or routine details, may be retained in a separate memory store if treated as durable context.
The skill can create persistent cross-store context for durable reminder-related facts. It says most reminders should not be mirrored, which limits scope, but this still may persist sensitive personal context outside Apple Reminders.
create the reminder first, then capture a thought in Open Brain referencing the reminder by its ID prefix
Be explicit about whether sensitive reminders should or should not be mirrored into Open Brain.