Mac Reminder Bridge

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its stated purpose, but it gives an HTTP bridge authority to read and change macOS Reminders, with broad/default access controls and fuzzy delete behavior that users should review before installing.

Install only if you intentionally want OpenClaw/Docker to manage your macOS Reminders. Before use, set a BRIDGE_SECRET, keep port 5000 off public networks, narrow BRIDGE_ALLOWED_IPS, and require confirmation before fuzzy delete or update actions.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Another process or container that can reach the bridge may be able to read, create, update, or delete reminders.

Why it was flagged

The bridge accepts reminder-management requests without a shared secret by default, relying on a broad IP allowlist. Because the skill exposes create/update/delete/list operations, weak default access control is a material concern if the service is reachable outside the intended container path.

Skill content

API_SECRET = os.environ.get("BRIDGE_SECRET", "") ... _raw_ips = os.environ.get("BRIDGE_ALLOWED_IPS", "172.0.0.0/8,127.0.0.1,::1")

Recommendation

Set BRIDGE_SECRET, narrow BRIDGE_ALLOWED_IPS to the exact trusted Docker/host addresses, and do not expose port 5000 to untrusted networks.

What this means

A vague delete request could remove the wrong reminder, or multiple reminders, especially across several lists.

Why it was flagged

The delete workflow encourages fuzzy matching across all lists when unsure, but the instructions do not require showing matches or asking for confirmation before deletion.

Skill content

- `fuzzy: true` → match by "contains" ... - `list`: leave empty to search ALL lists

Recommendation

Require exact matching or list the matching reminders and ask the user to confirm before delete, complete, or update operations.

What this means

The running listener can act on the user's Reminders app with the permission granted by macOS.

Why it was flagged

The bridge needs host-level permission to macOS Reminders, which is expected for the purpose but gives the listener delegated access to the user's reminder data.

Skill content

On first run, macOS will prompt you to grant terminal/IDE permission to access Reminders. Please allow this.

Recommendation

Grant the permission only if you trust the listener code and revoke it in macOS privacy settings if you stop using the bridge.

What this means

Requests to the bridge cause AppleScript to run on the Mac under the user's permissions.

Why it was flagged

The bridge executes generated AppleScript through osascript to control Reminders. This is central to the stated purpose, and the visible code includes escaping and a timeout, but it is still host-side code execution.

Skill content

result = subprocess.run(["osascript", "-e", script], capture_output=True, text=True, timeout=15)

Recommendation

Keep the listener local and authenticated, and review any future code changes that alter AppleScript generation.

What this means

Users have less registry-level provenance information for code that will run on the Mac host.

Why it was flagged

The package provenance and installation path are not strongly documented in registry metadata, while the README instructs users to run local Python code.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Verify the files locally before running listener.py, and prefer a known source repository or signed release if available.

What this means

The Mac remains controllable through the reminder bridge until the listener is stopped.

Why it was flagged

The bridge is intended to run as a persistent local listener. This is disclosed and not hidden, but it continues to accept requests while left running.

Skill content

Run the listener:
```bash
python3 listener.py
```

Recommendation

Run the listener only when needed, monitor who can reach it, and stop the process when finished.