Npjames Apple Reminders
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could complete, edit, or delete reminders if the user asks it to manage them, and forced deletion may skip normal confirmation safeguards.
The skill documents commands that can permanently remove lists or reminders, including a force-delete example. This is aligned with the stated purpose, but it is a destructive capability.
- Delete list: `remindctl list Work --delete` ... - Delete by id: `remindctl delete 4A83 --force`
Use explicit requests for destructive actions and require confirmation before deleting lists, deleting reminders, or using `--force`.
Granting permission allows the CLI, and therefore the agent using it, to view and modify Apple Reminders available on that Mac.
The skill requires macOS Reminders permission so the CLI can access the user’s Reminders data. This is expected for the integration, but it is still privileged local data access.
macOS-only; grant Reminders permission when prompted.
Only grant Reminders permission if you trust the remindctl tool and want the agent to manage those reminders.
Installing the skill’s dependency means running an external CLI on the Mac with Reminders access.
The skill relies on an external Homebrew tap to provide the executable. This is normal for a CLI-wrapper skill, but users are trusting that upstream package.
brew | formula: steipete/tap/remindctl | creates binaries: remindctl
Verify the Homebrew formula and upstream project before installation, especially on a Mac with sensitive Reminders data.