Bear Notes

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for managing Bear notes, but users should protect the Bear token and understand that some commands read or modify private notes.

Install only if you trust the grizzly CLI and are comfortable letting an agent read or change Bear notes. Store the Bear token as a secret, restrict the permissions on the token file, avoid putting real tokens into shell history, and use --dry-run or --print-url whenever you want to preview an action before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill instructs users to place a Bear API token in a predictable local file path without any warning about credential sensitivity, file permissions, or avoiding shell history exposure. While this is not overtly malicious, it encourages unsafe secret handling that could expose the token to other local users, backups, logs, or accidental disclosure.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill provides commands that create notes and append text to existing notes without clearly warning that they will modify the user's Bear data. In this context the operations are the stated purpose of the skill, so the risk is mainly accidental data modification rather than a hidden destructive action, but users should still be clearly informed before running write operations.

VirusTotal

66/66 vendors flagged this skill as clean.