Back to skill
Skillv1.0.0
ClawScan security
MH apple-notes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 24, 2026, 1:14 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it wraps the macOS 'memo' CLI to manage Apple Notes and only requests installing/running that tool and macOS Automation permission — nothing else looks out of scope.
- Guidance
- This skill is coherent and appears to do what it says: call the memo CLI to manage Apple Notes. Before installing, confirm the Homebrew formula and GitHub repo (https://github.com/antoniorodr/memo) are what you expect. Be aware that to work fully memo will request Automation access to Notes.app — granting that permission lets the tool read and modify all your Apple Notes, so only grant it if you trust the memo binary and its source. If you want extra caution, inspect the Homebrew formula and the memo source code before installing, or run memo locally in a sandboxed account first to confirm behavior.
Review Dimensions
- Purpose & Capability
- okName/description match the instructions and requirements. The skill requires the 'memo' CLI and offers brew install of antoniorodr/memo/memo, which aligns with the stated purpose of managing Apple Notes from the terminal.
- Instruction Scope
- noteSKILL.md only instructs use of the memo commands (list, add, edit, delete, move, export). It also mentions granting macOS Automation access to Notes.app and an optional manual pip install after cloning the repo. Granting Automation gives the installed tool access to all Notes data — this is expected for the feature but is a privacy-sensitive permission.
- Install Mechanism
- okInstall uses a Homebrew formula (antoniorodr/memo/memo), which is a standard and traceable mechanism. The README also mentions optional manual pip install after cloning (not part of the install spec). No downloads from unknown URLs or extract/install of arbitrary archives are present.
- Credentials
- okNo environment variables, credentials, or unrelated config paths are requested. The only platform access required is macOS Automation permission to Notes.app, which is proportional to the functionality.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request elevated platform privileges beyond requiring the memo binary and Automation permission. Model invocation is allowed (default), which is expected for a user-invocable skill.