MH bear-notes

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent for Bear note management, but it requires trusting an unpinned grizzly CLI and may use a Bear token/callbacks to let the agent read or change notes.

This skill appears safe for its stated purpose if you want an agent to manage Bear notes. Before installing, make sure you trust the grizzly CLI source, protect the Bear token file, and review any actions that read or change sensitive notes.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The installed CLI could change over time if the upstream package changes.

Why it was flagged

The skill installs a third-party CLI from a moving @latest Go module. This is purpose-aligned, but users are trusting that upstream package at install time.

Skill content

go | module: github.com/tylerwince/grizzly/cmd/grizzly@latest | creates binaries: grizzly

Recommendation

Install only if you trust grizzly's source; consider pinning or reviewing the exact version before use.

What this means

The agent may create or append to notes when asked to manage Bear content.

Why it was flagged

The skill intentionally gives the agent CLI authority to read and modify Bear notes. That matches the description, but it is still user data mutation authority.

Skill content

Use `grizzly` to create, read, and manage notes in Bear on macOS.

Recommendation

Review note-writing actions before approving them, especially for important or shared notes.

What this means

Anyone or any agent process able to use that token file may be able to perform token-authorized Bear operations.

Why it was flagged

The skill documents use of a Bear API token for certain Bear operations. This is expected for the integration and no unrelated credential use or leakage is shown.

Skill content

For some operations (add-text, tags, open-note --selected), a Bear app token (stored in `~/.config/grizzly/token`)

Recommendation

Store the token with appropriate file permissions and provide it only if you want the agent to perform token-required Bear actions.

What this means

Private note or tag data can be returned to the agent through grizzly callbacks.

Why it was flagged

Reading Bear data uses callback/JSON flows, and the documented configuration includes a callback URL setting. This is disclosed and purpose-aligned, but it affects where note data is returned.

Skill content

`--enable-callback` — Wait for Bear's response (needed for reading data)

Recommendation

Keep callback configuration local and trusted, and check GRIZZLY_CALLBACK_URL or .grizzly.toml before reading sensitive notes.