Skillv1.0.0

ClawScan security

Apple Notes 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 24, 2026, 2:18 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill is internally consistent: it wraps the third-party 'memo' CLI to manage Apple Notes on macOS, requires installing that binary via a Homebrew tap and granting Automation access to Notes.app, and does not request unrelated credentials or system-wide changes.
Guidance: This skill appears to do what it says: it drives the 'memo' CLI to manage Apple Notes. Before installing, review the upstream GitHub repo (https://github.com/antoniorodr/memo) and the Homebrew tap to ensure you trust the source. Be aware that to function the memo binary may require Automation permission to control Notes.app — granting that permission allows the binary to read and modify your personal notes. If you want extra caution, install and run memo locally in a controlled environment first (or audit the installed binary), and revoke Automation permissions when you no longer need the skill.

Review Dimensions

Purpose & Capability: okName/description, declared required binary ('memo'), homepage (GitHub repo), and the SKILL.md instructions all align: the skill simply instructs the agent to call the memo CLI to manage Apple Notes.
Instruction Scope: okSKILL.md only instructs using memo commands (list, add, edit, delete, move, export) and to grant macOS Automation permission to Notes.app when prompted. There are no instructions to read unrelated files, request extra environment variables, or exfiltrate data to unexpected endpoints.
Install Mechanism: noteInstallation uses a Homebrew tap (antoniorodr/memo) and installs a binary named 'memo', which is appropriate for a CLI-based skill. As a caution: this is a third-party tap (not an official Homebrew core formula); users should verify the tap and the upstream GitHub repository before installing.
Credentials: noteThe skill requests no environment variables or credentials, which is proportional. However, it requires granting Automation access to Notes.app (macOS privacy permission), which gives the installed binary programmatic access to the user's notes — this is expected for the task but exposes sensitive personal data and should be considered before granting.
Persistence & Privilege: okThe skill is not set to always:true, is user-invocable, and does not request persistent system-wide changes or access to other skills' configuration. Installing the memo binary is the only persistent artifact; autonomous invocation is enabled (default) but not excessive here.