v1.0.0

Notectl

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:52 AM.

Analysis

Notectl appears to be a straightforward Apple Notes command guide, but it can read/search and change your Notes and depends on a local notectl command whose source is not provided.

Guidance: Use this skill only if you are comfortable letting the agent use a trusted local `notectl` command to read, search, create, and append Apple Notes. Confirm the installed CLI and current folder list first, and approve any write action before it runs.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
`notectl show <title>` | Show note content by title ... `notectl add <title>` | Create a new note ... `notectl search <query>` | Search notes by title or content ... `notectl append <title>` | Append text to an existing note

The skill exposes commands that read, search, and mutate Apple Notes. This matches the stated purpose, but these are still sensitive local-data operations that should be user-directed.

User impact: If invoked, the agent could display private note content or create/append notes in the user's Apple Notes database.
Recommendation: Use the skill only for explicit Notes tasks, prefer specific folders/titles/queries, and review any `add` or `append` command before running it.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none; Required binaries ... none

The runtime instructions rely on a `notectl` CLI, but the registry metadata provides no source/homepage provenance and does not declare the binary requirement.

User impact: The skill itself does not install code, but the command it tells the agent to use depends on whatever `notectl` binary is available locally.
Recommendation: Confirm that `notectl` is installed from a trusted source and is the intended binary before allowing the agent to run it.

Human-Agent Trust Exploitation
Severity: Info; Confidence: High; Status: Note
SKILL.md
Folders on this system:
- Notes (default)
- research
- rainbat-projects
- Papi

The hard-coded folder list is described as being from 'this system,' which may be stale or specific to the publisher rather than the installing user's Apple Notes environment.

User impact: The agent could assume folders exist when they do not, or use a stale folder list instead of checking the current system.
Recommendation: Run `notectl folders` on the current machine and update or ignore the hard-coded folder list.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
`notectl show <title>` | Show note content by title ... `notectl search <query>` | Search notes by title or content ... # Search all notes

Apple Notes content can be retrieved into the agent's context. Notes may contain private information or untrusted text, even though retrieval is purpose-aligned for this skill.

User impact: Private note text may be exposed in the conversation or influence the agent's reasoning if retrieved.
Recommendation: Retrieve only the notes needed for the task, avoid broad searches on sensitive topics, and treat note contents as user data rather than authoritative instructions.