Bear GIF Enricher

Review

Audited by ClawScan on May 11, 2026.

Overview

The skill mostly matches its stated purpose, but it can change Bear notes in bulk and the tag-update script appears to create new notes instead of tagging the originals.

Install only if you are comfortable letting the skill read and edit Bear notes tagged 待整理 and send note topics to Tenor or Giphy. Before batch use, back up Bear notes and fix or verify the retagging command, because the included script appears to create a new 已整理 note instead of tagging the original note.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill may alter note organization, remove notes from the pending list, and create duplicate or empty Bear notes instead of cleanly marking the original notes as processed.

Why it was flagged

The script removes the pending tag from the selected note, but the supposed 'add new tag' step calls `grizzly create` without the original note ID. That appears to create a new tagged note rather than adding the done tag to the existing note, causing unexpected persistent note changes.

Skill content

grizzly delete-tag --name "$PENDING_TAG" --id "$NOTE_ID" ...
echo "" | grizzly create --title "$(echo "$NOTE_JSON" ... )" --tag "$DONE_TAG"

Recommendation

Test on a small backup note first. Fix the retagging logic to update the existing note by ID, and add a dry-run or confirmation step before batch edits.

What this means

Anyone running the scripts with these credentials can access and change the targeted Bear notes and make requests to the configured GIF provider.

Why it was flagged

The skill requires local Bear access through the grizzly token and a GIF-provider API key. This is expected for the integration, but it grants the script authority to read and modify Bear notes and use the user's API quota.

Skill content

Bear token at `~/.config/grizzly/token`
- `TENOR_API_KEY` or `GIPHY_API_KEY` env var

Recommendation

Use only trusted local copies of the scripts, verify the token path, and revoke or rotate API keys if they may have been exposed.

What this means

Sensitive titles or first-line text from Bear notes could leave the local machine as search queries to GIF services.

Why it was flagged

The script derives a search topic from a Bear note title or first line and sends it to Tenor or Giphy. This is purpose-aligned, but private note topics may be disclosed to external providers.

Skill content

TOPIC=$(echo "$TEXT" | head -1 | sed 's/^#\+ *//')
...
curl -sf "https://tenor.googleapis.com/v2/search?q=${TOPIC}&key=${TENOR_KEY}..."
...
curl -sf "https://api.giphy.com/v1/gifs/search?q=${TOPIC}&api_key=${GIPHY_KEY}..."

Recommendation

Avoid using this on notes with confidential titles or opening lines, or modify the script to ask before sending each query.

What this means

The installed grizzly version may change over time, and future versions could behave differently from what this skill expects.

Why it was flagged

The setup instruction installs a third-party CLI at the moving `@latest` version. This is user-directed and relevant to Bear access, but it is not pinned or covered by an install spec.

Skill content

`grizzly` CLI installed (`go install github.com/tylerwince/grizzly/cmd/grizzly@latest`)

Recommendation

Review the grizzly project before installing and consider pinning a known version instead of using `@latest`.