Back to skill
Skillv1.0.0
ClawScan security
Apple Notes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 8:20 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is internally coherent with its stated purpose (controlling Apple Notes via the memo CLI) but the registry metadata and the SKILL.md differ on some details and the install uses a third‑party Homebrew tap — review before installing.
- Guidance
- This skill appears to do what it says: it runs the memo CLI to manage Apple Notes. Before installing or using it: 1) confirm you're on macOS (SKILL.md is macOS-only) — the registry entry omitted that. 2) Review the upstream repository and the Homebrew formula (antoniorodr/memo) because you will install third‑party code into your system. 3) Be aware memo will request Automation access to Notes.app — that grants the tool access to your notes' content, so only install if you trust the project. 4) If you need stricter assurance, ask the publisher to fix the registry metadata (declare required binary 'memo' and restrict OS to darwin) or provide a signed release you can audit.
Review Dimensions
- Purpose & Capability
- noteThe skill's name and description match the SKILL.md: it uses the memo CLI to manage Apple Notes (create/view/edit/delete/search/move/export). However, the top-level registry metadata provided to you lists no required binaries or OS restriction while SKILL.md metadata declares the memo binary and macOS (darwin). This is a metadata inconsistency (likely an authoring/packaging omission) but the functionality described is coherent.
- Instruction Scope
- okRuntime instructions are narrowly scoped to running the memo CLI and interacting with Apple Notes (listing, searching, editing, exporting). They ask the user to grant macOS Automation permission to Notes.app and to use interactive terminal prompts; they do not instruct reading unrelated files, sending data to external endpoints, or accessing other credentials.
- Install Mechanism
- noteThe SKILL.md recommends installing via a Homebrew tap (antoniorodr/memo) or manually via pip from the repo. Homebrew is a standard mechanism, but this is a third‑party tap/author (not an official Apple package). There is no install spec in the registry package itself, so installation instructions live only in SKILL.md — you should review the Homebrew formula and upstream repo before installing.
- Credentials
- okThe skill does not request any environment variables or credentials. It does require access to Apple Notes and macOS Automation permissions (appropriate for this purpose). No unrelated secrets or config paths are requested.
- Persistence & Privilege
- okThe skill is not force-enabled (always: false), is user-invocable, and does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by default but not combined with other red flags here.