Skill v0.10.0

ClawScan security

RemNote Notes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 21, 2026, 7:50 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are consistent with a RemNote CLI integration; the npm-based install and the remnote-cli binary are expected for the described functionality.
Guidance
This skill appears to be what it says: a wrapper around remnote-cli. Before installing, verify the remnote-cli npm package and its GitHub repo (maintainer, recent commits, issues) because npm packages run code on your machine and a global install affects PATH. Be aware that remnote-cli interacts with the RemNote Automation Bridge and your open RemNote session, so it can read and (with your explicit confirmation) modify your notes; only grant write permission when you trust the package. If you are cautious about autonomous agent behavior, keep the skill user-invocable (do not enable always:true) and consider disabling autonomous invocation or requiring explicit confirmation for writes in your agent policy.

Review Dimensions

Purpose & Capability
ok
Name/description match the actual requirements: the skill is an adapter around the remnote-cli binary and the SKILL.md only instructs the agent to run remnote-cli commands. Requiring the remnote-cli binary (and offering an npm install for it) is proportional to the stated purpose.
Instruction Scope
ok
Runtime instructions constrain the agent to run only remnote-cli commands, prefer read-only flows by default, and require explicit user confirmation ('confirm write') for mutating operations. The SKILL.md does not instruct reading unrelated files or environment variables outside of remnote-cli usage.
Install Mechanism
note
Install uses npm (npm install -g remnote-cli). This is expected for a CLI distributed via npm but carries the usual moderate risk associated with third-party npm packages (global install affects system PATH). The install does not fetch code from an untrusted URL or IP; it references the package name and a GitHub repo as homepage.
Credentials
ok
No environment variables, config paths, or unrelated credentials are requested. The skill expects a RemNote browser/app session and the RemNote Automation Bridge plugin; these are reasonable for a tool that manipulates a user's RemNote content.
Persistence & Privilege
ok
The skill does not request always:true, does not modify other skills or system-wide agent settings, and is user-invocable. It does require running a long-lived remnote-cli daemon, which is appropriate for this use case.