Bear Notes
v1.0.0
Create, search, and manage Bear notes via grizzly CLI.
⭐ 3 · 9.7k · 978 current · 1k all-time
by Peter Steinberger (@steipete)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes exactly what the skill claims to do (use the grizzly CLI to create/read/manage Bear notes). However, the registry metadata shown to the platform omitted the requirement for the 'grizzly' binary and a token file, while the SKILL.md includes a clawdbot metadata block that does declare a go install for grizzly. This mismatch between the published metadata and the runtime instructions is inconsistent and should be corrected.
Instruction Scope
Runtime instructions stay within the Bear/grizzly scope: they use the grizzly CLI, reference Bear's API token (in ~/.config/grizzly/token), and local callback URLs (localhost). There is no instruction to read unrelated system files. Note: the agent (or user following the instructions) will need access to the token file and possibly to .grizzly.toml in the home directory; those are sensitive and must be protected.
Install Mechanism
The registry metadata said 'no install spec', but SKILL.md contains metadata to install grizzly via 'go' (github.com/tylerwince/grizzly/cmd/grizzly@latest). Installing a third-party Go module from GitHub is a common but non-trivial action: it fetches and builds remote code (moderate risk). The install source is a GitHub repo (traceable) rather than an opaque URL, which is better, but 'latest' can change over time and could pull malicious changes if the repository is compromised.
Credentials
The skill in the registry declared no required env vars, yet SKILL.md documents environment variables (GRIZZLY_TOKEN_FILE, GRIZZLY_CALLBACK_URL, GRIZZLY_TIMEOUT) and requires a Bear API token stored in ~/.config/grizzly/token for several operations. This is proportionate to the stated purpose (Bear API needs a token) but the platform metadata should declare that a credential/file is required. Also, storing tokens in a file means the agent or any process running as the user could read it—handle permissions carefully.
Persistence & Privilege
The skill does not request elevated persistence (always: false). It is user-invocable and allows model invocation (platform default). Nothing in the skill attempts to modify other skills or request system-wide configuration changes.
What to consider before installing
This skill appears to do what it says (control Bear via the grizzly CLI), but there are metadata inconsistencies and an install-from-GitHub step to be aware of. Before installing:
- Confirm you trust the grizzly repository and its maintainer (github.com/tylerwince/grizzly). Review the source or the release used rather than blindly installing '@latest'.
- Expect to provide a Bear API token; store it with restrictive file permissions (chmod 600) and consider using a dedicated token with limited scope if available.
- Be aware grizzly may open a local callback URL (localhost) to receive data — ensure that port is not exposed and that you understand what will listen on it.
- Ask the skill author/platform owner to correct the published metadata to declare the required binary and env vars, and to provide an explicit, versioned install step rather than 'latest'.
If you cannot verify the repository or are uncomfortable granting access to a Bear token, avoid installing the CLI and instead interact with Bear manually.
Like a lobster shell, security has layers: review code before you run it.
latest: vk97f8k32rsn9y5rqwqma469r8s7ykhd4
Runtime requirements
🐻 Clawdis
OS: macOS
Bins: grizzly
Install
Install grizzly (go)
Bins: grizzly
go install github.com/tylerwince/grizzly/cmd/grizzly@latest