Back to skill

Security audit

Mac Notes Agent

Security checks across malware telemetry and agentic risk

Overview

This skill transparently lets an agent manage Apple Notes on macOS, including editing and deleting notes, with no evidence of hidden data sharing or unrelated behavior.

Install only if you want an agent to read and change your Apple Notes. Use folder-scoped commands where possible, avoid broad searches over sensitive notes, and require explicit approval before update, append, or delete actions, especially when note titles may be duplicated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly advertises create, update, append, and delete operations against a user's real Apple Notes data but does not warn that these actions are state-changing and may irreversibly modify personal information. In an agent/skill context, that omission increases the chance of unsafe invocation by users or higher-level automation, especially because Notes often contains sensitive personal or business content.

Missing User Warnings

High
Confidence
95% confidence
Finding
The delete command is documented as a normal operation without any explicit warning that it can permanently remove user note data. In this skill's context, that is more dangerous because Apple Notes commonly stores valuable personal records, and an agent may execute documented commands directly without human appreciation of the destructive consequence.

Missing User Warnings

High
Confidence
88% confidence
Finding
The delete command permanently deletes a matched note immediately, with no confirmation, dry-run, or safeguard against accidental targeting. In an agent context where arguments may be generated or inferred automatically, a malformed ID/title or unintended invocation can cause irreversible loss of user data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.