Google Keep Skill
Review
Audited by ClawScan on May 18, 2026.
Overview
This skill appears to do what it claims, but it uses a persistent Google login and anti-detection Chrome automation to read and change Google Keep notes, so it should be reviewed carefully before use.
Install only if you are comfortable giving the agent persistent access to your Google Keep notes through a saved Chrome session. Use a dedicated Google account/profile if possible, confirm update/delete/archive actions, inspect the full script before running because the provided keep.py content was truncated in this review, and clear the session with logout when you no longer need it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Actions may occur headlessly as your Google account, and this style of automation may bypass provider protections or create account/policy risk.
The skill intentionally uses anti-detection logged-in browser automation rather than a scoped API, and the documented commands can mutate or delete Keep notes.
Bot-proof: uses a real Chrome instance with a persistent session, bypassing Google's bot detection entirely.
Use only if you accept browser automation against Google Keep; prefer a dedicated account/profile, use visible mode for sensitive actions, and require confirmation before update/delete/archive.
A saved Google session can continue to read and modify Keep notes after the initial login, and local access to that profile/cookie store is high impact.
This establishes a persistent Google-authenticated browser session; registry requirements list no primary credential or required config path, so the sensitive account authority is under-declared.
The session is saved securely outside the skill directory at `~/.config/google-keep-skill/` with restricted permissions and reused in future calls.
Treat this as granting the agent access to your Google Keep account; protect the config directory, consider a separate Google account, and run the documented logout command when finished.
Your note contents may be shown to or processed by the agent when you ask it to list or read notes.
Reading and listing notes is expected for the skill, but it brings private Keep content into the agent's context.
`list [--limit N] [--filter "text"]`: Lists notes. `read --title "T"`: Returns the structured content of the note and its type.
Only request notes you are comfortable sharing with the agent, and treat note text as user data rather than trusted instructions.
Future installs may resolve a different nodriver package version than the publisher tested.
The core browser automation dependency is unpinned and installed through uv on first use; this is central to the stated purpose but creates normal dependency provenance risk.
dependencies = [
"nodriver",
]
Pin dependencies with a lockfile and verify the package source before first run.
