MH apple-notes

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Apple Notes helper, but it can read, edit, export, move, and delete local notes through the memo CLI.

Install only if you trust the upstream memo CLI and are comfortable granting Apple Notes access. Use clear, specific note or folder requests, and confirm before allowing edits, moves, exports, or deletions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill explicitly exposes note deletion functionality but does not warn that deletion may permanently remove user data or require an explicit confirmation step before destructive actions. In an agent setting, this increases the chance of accidental or ambiguous user requests causing irreversible loss of personal notes, especially because Apple Notes may contain sensitive or important information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal