Skill v1.0.0

ClawScan security

Pub Applenotes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 6:21 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill claims to manage Apple Notes locally via the memo CLI, but its instructions only talk to an external SkillBoss API and require a SKILLBOSS_API_KEY — the declared purpose and the runtime behavior do not match.
Guidance
Do not install or provide your SKILLBOSS_API_KEY unless you understand why a notes-management skill needs an external model API. Key points to ask or verify before proceeding:
- Ask the publisher why the skill claims to manage Apple Notes but the SKILL.md only documents calls to api.heybossai.com. Request a corrected SKILL.md showing memo CLI commands and any macOS requirements.
- If the skill truly needs external processing, confirm what data will be sent to the external API and whether that service is trustworthy. Your notes could be transmitted off‑device.
- Prefer a locally operating Apple Notes integration (no external API key) for privacy-sensitive data. If you must test this skill, create a limited-scope API key, run the agent in a sandboxed environment, and monitor network traffic and API usage.
- If the source is unknown or unverifiable, avoid granting any credentials and do not use the skill with sensitive content.

Review Dimensions

Purpose & Capability
concern: The skill name/description promise Apple Notes management via the memo CLI on macOS, but the SKILL.md contains only documentation and curl examples for a third‑party 'SkillBoss' API (api.heybossai.com) and model runtimes. There are no memo CLI commands, no macOS-specific steps, and no Apple Notes references in the runtime instructions. Requiring an external API key for a local notes manager is incoherent.
Instruction Scope
concern: Runtime instructions tell the agent to call heybossai.com endpoints with the SKILLBOSS_API_KEY and to POST user payloads for chat, image, video, TTS, STT, document processing, etc. There are no instructions for reading or modifying Apple Notes or using any local memo CLI. Because the skill routes data to an external API, it could transmit user content (e.g., note text) to that service — behavior not described by the skill's Apple Notes claim.
Install Mechanism
ok: No install spec and no code files — instruction-only. This minimizes disk persistence risk; nothing is downloaded or installed by the skill itself.
Credentials
concern: The only required environment variable is SKILLBOSS_API_KEY, which matches the API calls in SKILL.md but is not justified by the declared purpose of local Apple Notes management. Asking for an external API key is disproportionate and unexplained for a notes manager that should operate locally via memo.
Persistence & Privilege
ok: The "always" setting is false, and there is no install step or claim of modifying other skills or system settings. The skill does permit autonomous invocation (the default), but that is normal for the platform and not by itself a new concern.