Mac Reminders Agent
Security checks across malware telemetry and agentic risk
Overview
This appears to be a transparent macOS Reminders integration, but it can view, edit, complete, and delete your reminders after you grant access.
Install this only if you want an agent to manage your macOS Reminders. After granting Reminders permission, ask the agent to confirm exact reminder IDs before edit/delete/complete actions, be careful with reminder notes that contain private information, and only set up cron/LaunchAgent automation if you want scheduled background checks.
VirusTotal
58/58 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can read and manage reminders available to the local macOS Reminders app.
The Swift helper requests full Reminders access. This is expected for a Reminders-management skill, but it means the skill can access the user's reminder store once permission is granted.
store.requestFullAccessToReminders { granted, error inGrant Reminders access only if you want the agent to manage that data, and ask it to confirm before edits, deletes, or completions.
A mistaken or overly broad invocation could alter, complete, or remove the wrong reminder, with changes potentially syncing through iCloud.
The documented tool surface includes reminder mutation and deletion. These operations are purpose-aligned and ID-scoped, but they can still change or remove user data.
- **Edit reminders**: Modify title, due date, notes, priority by ID - **Delete reminders**: Remove reminders by ID - **Complete reminders**: Mark reminders as done by ID
Before destructive actions, have the agent list the matching reminder IDs and get explicit confirmation for the exact item.
Installing and using the skill runs local helper code on your machine.
The CLI runs a bundled local bridge process. This explains the static scan's dangerous_exec signal and appears central to the Reminders integration rather than hidden behavior.
execFile('node', args, { encoding: 'utf8' }, (err, stdout, stderr) => {Install only from a source you trust and avoid modifying the skill directory with unreviewed code.
Installation may fetch or use npm dependencies before the skill works.
The skill expects an npm install step and depends on local package resolution. This is disclosed and normal for the AppleScript bridge, but users should notice it because registry metadata says there is no install spec.
install: | cd $SKILL_DIR && npm install
Review package.json/package-lock.json and install dependencies from the reviewed package context.
Private reminder notes may be visible to the agent, and text inside reminders should not be treated as authoritative instructions.
Reminder notes are returned to the agent as context. Reminder text may contain private information or instruction-like content.
if let notes = r.notes, !notes.isEmpty {
item["note"] = notes
}Treat reminder contents as data, avoid storing secrets in reminders, and do not let reminder text override your actual request.
If you configure the LaunchAgent or cron examples, reminder checks may run automatically on a schedule.
The README documents optional scheduled execution via LaunchAgent. The artifacts do not show automatic installation of this persistence.
Create `~/Library/LaunchAgents/com.reminders.daily.plist` ... Load with: ```bash launchctl load ~/Library/LaunchAgents/com.reminders.daily.plist ```
Only add scheduled jobs if you want ongoing checks, and remember to unload or remove them when no longer needed.