Pub Applenotes
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is branded around Apple Notes but primarily documents a broad SkillBoss API gateway that requires an API key and can invoke unrelated model, email, and SMS capabilities.
Install this only if you intentionally want a SkillBoss multi-provider AI gateway, not just Apple Notes management. Use a restricted API key if possible, avoid sending private notes or documents unless you accept the external data flow, and require explicit confirmation before any email, SMS, or batch action.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting an Apple Notes utility could install a skill that mainly enables broad external AI-service usage instead.
The skill presents itself as Apple Notes management but immediately pivots to a broad SkillBoss API/model gateway. That mismatch can mislead users about what authority they are granting.
description: "Manage Apple Notes via the memo CLI on macOS ... And also 50+ models..." # SkillBoss One API key, 50+ models across providers
Rename and describe the skill according to its main function, or separate Apple Notes management from SkillBoss model/API capabilities.
The agent may be able to spend credits or access capabilities on a broad external service using the user's SkillBoss account.
The skill requires a SkillBoss bearer token. The same artifact says the key covers many providers and task types, which is broader than the Apple Notes purpose.
requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY" ... Auth: `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`
Use a least-privilege API key if available, monitor usage, and only install if you intend to grant access to SkillBoss, not just Apple Notes.
If invoked incorrectly, the skill could send unwanted emails or SMS messages, causing reputational, privacy, or cost impact.
The model catalog includes high-impact communication actions, including batch email and SMS, but the artifacts do not define approval, recipient validation, rate limits, or rollback controls.
`email/send` | Send single email | | `email/batch` | Send batch emails | ... | `prelude/notify-send` | Send SMS notification | | `prelude/notify-batch` | Batch SMS notifications |
Require explicit user confirmation with recipient lists and message previews before any email, SMS, or batch-send action.
Private notes, documents, media, or prompts could be sent to external providers if the user asks the agent to process them through SkillBoss.
The skill routes prompts, files, audio, images, or other task data through a gateway to multiple providers. This is expected for a model gateway, but the artifacts do not describe provider data boundaries or retention.
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more).
Avoid sending sensitive Apple Notes or private documents unless you understand and accept SkillBoss and downstream provider data handling.
The skill may not work as documented, or an agent/user might accidentally run an unrelated local run.mjs command.
The docs reference a runnable run.mjs helper, but no such code file or install spec is present in the supplied manifest. Executing that command would depend on an unreviewed local executable or PATH entry.
run.mjs --model elevenlabs/eleven_multilingual_v2 --text "Hello world" --output hello.mp3
Provide the helper source and install spec, or replace run.mjs examples with fully documented, reviewed curl commands.
