bear-research-enricher

Review

Audited by ClawScan on May 4, 2026.

Overview

The skill appears to do what it claims, but it can read and edit tagged Bear notes using a local token and sends note-derived GIF search terms to Giphy.

This skill is reasonable for its stated purpose, but use it carefully: make sure the 「待整理」 tag is only on notes you want changed, back up important Bear notes first, and avoid running it on private or sensitive research if you do not want note topics sent to Giphy.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and using the skill gives the workflow authority to read and modify Bear notes through the configured token.

Why it was flagged

The skill requires a local Bear/grizzly token, which can authorize access to the user's Bear notes. This is disclosed and purpose-aligned, but it is sensitive local account access.

Skill content

Bear app running on macOS with a valid API token at `~/.config/grizzly/token`

Recommendation

Use it only if you trust the skill with Bear note access; keep the token file protected and remove or rotate the token if you no longer need the integration.

What this means

All Bear notes tagged 「待整理」 may be changed when the script runs, including appended image links and tag changes.

Why it was flagged

The script performs persistent note mutations by appending GIF markdown to each matching Bear note, then retags the note. This matches the purpose, but it is a batch-editing capability.

Skill content

echo -e "\n---\n${INSERT_BLOCK}" | grizzly add-text --id "$NOTE_ID" --mode append --token-file "$TOKEN_FILE"

Recommendation

Before running it, confirm that only intended notes have the 「待整理」 tag and consider backing up Bear notes or testing on one note first.

What this means

Topics from private Bear notes could be revealed to Giphy or network observers through GIF search queries.

Why it was flagged

The script derives keywords from the note title and first part of the note text, then sends those keywords to the external Giphy API for GIF search.

Skill content

KEYWORDS=$(echo -e "$TITLE\n$NOTE_TEXT" | head -c 200 ...); GIF_RESULT=$(curl -s "${GIF_API}?api_key=${GIF_KEY}&q=${ENCODED_KW}&limit=3"

Recommendation

Avoid using it on sensitive notes, or review the keywords before sending them to an external GIF provider.

What this means

A future version of the grizzly CLI could behave differently from the version expected by the skill.

Why it was flagged

The documented setup uses an unpinned @latest install for an external CLI dependency. This is user-directed and purpose-aligned, but the installed code may change over time.

Skill content

`grizzly` CLI installed (`go install github.com/tylerwince/grizzly/cmd/grizzly@latest`)

Recommendation

Install dependencies from trusted sources and consider pinning a reviewed grizzly version instead of using @latest.