RemNote Notes

Pass. Audited by ClawScan on May 1, 2026.

Overview

This appears to be a legitimate RemNote CLI integration, but it can read your personal notes and, after an explicit confirmation phrase, change them.

Install this only if you trust `remnote-cli` and the RemNote bridge plugin. Expect the agent to be able to search and read your RemNote content when invoked, and to create or change notes only after you explicitly provide `confirm write`. Review write targets and content carefully, and stop the daemon when you no longer want the bridge available.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private RemNote content may be surfaced in the conversation when you ask the agent to search or read notes.

Why it was flagged

The skill is explicitly meant to retrieve and manipulate persistent personal knowledge-base content, so retrieved notes may enter the agent's working context.

Skill content

Search, read, and write RemNote notes and personal knowledge base content

Recommendation

Use targeted queries, avoid asking the agent to process notes containing secrets unless necessary, and treat note text as data rather than instructions to follow.

What this means

If you confirm a write, the agent can create, update, or add journal content in RemNote.

Why it was flagged

The skill exposes commands that can mutate RemNote content, but the artifact also provides a clear same-turn confirmation gate.

Skill content

For writes (`create`, `update`, `journal`), require the exact phrase `confirm write` from the user in the same turn.

Recommendation

Only type `confirm write` after reviewing the target note, operation, and content that will be written.

What this means

The agent may access the RemNote account and knowledge base that are open and connected through the bridge.

Why it was flagged

The skill operates through the user's active RemNote environment, which is expected but means the CLI can act on content available to that RemNote account.

Skill content

RemNote Automation Bridge plugin is installed in RemNote. ... RemNote is open in browser/app

Recommendation

Use this only on a trusted machine and with the intended RemNote account; disconnect or close the bridge when you do not want agent access.

What this means

Installing the skill's dependency installs third-party CLI code on your machine.

Why it was flagged

The runnable component comes from an external npm package rather than bundled code in the skill. This is central to the skill's purpose but makes upstream package trust important.

Skill content

node | package: remnote-cli | creates binaries: remnote-cli

Recommendation

Install from the expected upstream package, consider pinning versions as the skill suggests, and keep the CLI and bridge plugin matched.

Note (High Confidence)
ASI10: Rogue Agents
What this means

The RemNote bridge may remain available for future CLI operations while the daemon is running.

Why it was flagged

A local background daemon is required for the integration. It is disclosed and purpose-aligned, but it remains active beyond a single command until stopped.

Skill content

`remnote-cli` daemon is running (`remnote-cli daemon start`).

Recommendation

Check daemon status when needed and stop it when you no longer want the integration active.