Skill v1.1.0
ClawScan security
Apple Notes (AppleScript) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:43 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requested resources are coherent with an Apple Notes integration — it accesses Notes.app via AppleScript and local Notes data/attachments as expected and does not request unrelated credentials or remote installs.
- Guidance: This skill will read, create, edit and delete notes and can extract attachments from your local Notes database (it looks under ~/Library/Group Containers/group.com.apple.notes/). That behavior is expected for a Notes integration, but these are sensitive actions:
  - Expect macOS automation/Notes permission prompts when running these scripts. Granting those permissions gives the scripts access to your Notes data.
  - Deleting notes requires explicitly passing a folder (the script enforces this), but review delete usage carefully and consider backing up important notes first.
  - Attachment extraction copies files into /tmp/notes-export/ — verify and remove exported files when finished.
  - The scripts are local shell code; if you want extra safety, review or run them in a sandboxed account, or inspect/modify them before use.

  Minor implementation notes (non-malicious): some filename handling uses unquoted expansions (e.g., listing preview files) which could break on unusual filenames; this is an implementation robustness issue, not evidence of exfiltration. If you need higher assurance, review the scripts line-by-line or run them in a non-production environment first.
Review Dimensions
- Purpose & Capability: ok. Name/description (Apple Notes integration) match the included scripts and behavior. The scripts use osascript to list, read, create, edit, search and delete notes and to extract attachments from the Notes group container; all of these are legitimate needs for the stated purpose.
- Instruction Scope: ok. SKILL.md instructs running the included scripts and documents their behavior. The scripts read and write only local Notes.app data and temp files (/tmp, ~/Library/Group Containers/group.com.apple.notes/...), which is necessary for attachment extraction and note manipulation. They do not transmit data to remote endpoints. Note: some Spotlight (mdfind) usage and file-copy operations operate on local disk and may require macOS automation or Filesystem permissions; the scripts will access sensitive user note content and attachments (expected for this skill).
- Install Mechanism: ok. No install spec — instruction-only with included shell scripts. Nothing is downloaded or extracted from external URLs, so there's no install-time code-fetch risk.
- Credentials: ok. The skill requires no environment variables, credentials, or external tokens. It does access local Notes data and account directories in ~/Library/Group Containers, which is proportional to attachment extraction and note access.
- Persistence & Privilege: ok. always:false and normal model invocation settings. The skill does not request persistent system-wide changes or modify other skills' configurations.
