Bear Share Sync

Warn

Audited by ClawScan on May 11, 2026.

Overview

Bear Share Sync matches its stated sharing purpose, but its polling script has unsafe Python interpolation and a state bug that can repeatedly resend note previews, so it needs review before use.

Use this only if you intentionally want Bear notes tagged #share copied into a canvas and previewed over iMessage. Before scheduling it, fix or review the polling script’s JSON handling and processed-note filter, then verify BEAR_SHARE_TARGET, the grizzly token, and the BlueBubbles channel.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A specially crafted tagged Bear note could cause the poller to fail, or could run unexpected code under the user's account.

Why it was flagged

Raw Bear/grizzly JSON is spliced into the Python source passed to python -c instead of being handed to the interpreter as data. Note text is attacker-controlled by anyone who can edit a tagged note, and text containing Python string delimiters (''' in particular) can close the literal early, so crafted text can break parsing or be interpreted as code during the polling step.

Skill content

RAW=$(grizzly open-tag --name "$TAG" --enable-callback --json --token-file ~/.config/grizzly/token 2>/dev/null || echo '[]')
...
raw = json.loads('''$RAW''')

Recommendation

Pass grizzly output to Python via stdin, a temporary file, or an environment variable read inside the script (os.environ), and parse it with json.load/json.loads. Never embed note contents in the python -c source string.
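The following is an added illustration, not code from the skill or from ClawScan. It reproduces the flagged pattern in a child interpreter and puts the stdin-based fix beside it. The note JSON and the two note texts are constructed for the example; real grizzly output will carry more fields.

```python
import json
import subprocess
import sys

# Constructed sample input (not real grizzly output): note texts chosen to carry
# Python string delimiters. In the real workflow this text is controlled by
# whoever can edit a note tagged #share.
EVALUATED_TEXT = "harmless''' + str(6 * 7) + '''"   # closes ''' and injects an expression
BREAKING_TEXT = "'''"                                # closes ''' and leaves a dangling quote


def sample_raw(text):
    """Build grizzly-style JSON for a single note with the given text."""
    return json.dumps([{"id": "n1", "text": text}])


def parse_by_interpolation(raw):
    """Mirror of the flagged pattern: the JSON is spliced into python -c source.

    Returns (exit code, first note's text as printed by the child process).
    """
    source = (
        "import json\n"
        f"raw = json.loads('''{raw}''')\n"   # same construct as the skill's script
        "print(raw[0]['text'])\n"
    )
    proc = subprocess.run([sys.executable, "-c", source],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def parse_via_stdin(raw):
    """Hardened form: the JSON arrives on stdin and is only ever data."""
    source = (
        "import json, sys\n"
        "raw = json.load(sys.stdin)\n"
        "print(raw[0]['text'])\n"
    )
    proc = subprocess.run([sys.executable, "-c", source], input=raw,
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


if __name__ == "__main__":
    for text in (EVALUATED_TEXT, BREAKING_TEXT):
        raw = sample_raw(text)
        # Interpolated: the first text is evaluated (prints "harmless42"),
        # the second aborts the poller with a SyntaxError (non-zero exit).
        print("interpolated:", parse_by_interpolation(raw))
        # Stdin: both texts come back byte for byte as the note wrote them.
        print("stdin       :", parse_via_stdin(raw))
```

In the shell script itself the equivalent change is to pipe the variable rather than interpolate it, for example `printf '%s' "$RAW" | python3 -c '...'` with the Python side calling `json.load(sys.stdin)`; the `|| echo '[]'` fallback still works because `[]` is valid JSON on stdin.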

What this means

Already-processed notes may be treated as new on every run, which can repeatedly send the same iMessage previews, especially if scheduled with cron.

Why it was flagged

Because not in binds tighter than or, the expression parses as n.get('id') or (n.get('identifier','') not in processed). For any note with a non-empty id, n.get('id') is truthy and the processed set is never consulted. This undermines the state file that is supposed to prevent re-processing.

Skill content

new_notes = [n for n in notes if n.get('id') or n.get('identifier','') not in processed]

Recommendation

Compute the note id first (for example nid = n.get('id') or n.get('identifier','')), then filter with an explicit check such as nid and nid not in processed before sending previews, and add nid to the state only after the preview has been sent.
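An added worked example, not code from the skill or from ClawScan, showing the flagged filter beside the corrected one on a small constructed note list. The note records and the processed set are invented for the example; only the buggy comprehension is quoted from the skill.

```python
# Constructed sample input (not real grizzly output). Notes may carry an 'id',
# an 'identifier', or neither; two of them have already been processed.
SAMPLE_NOTES = [
    {"id": "a", "title": "already sent"},
    {"id": "b", "title": "new note"},
    {"identifier": "c", "title": "already sent, older field"},
    {"identifier": "d", "title": "new note, older field"},
    {"title": "no id at all"},
]
SAMPLE_PROCESSED = {"a", "c"}


def note_id(note):
    """Prefer 'id', fall back to 'identifier', empty string if neither is set."""
    return note.get("id") or note.get("identifier", "")


def filter_new_buggy(notes, processed):
    """The flagged expression, kept verbatim.

    `not in` binds tighter than `or`, so it reads as
        n.get('id') or (n.get('identifier','') not in processed)
    and any note with a non-empty 'id' bypasses the processed set entirely.
    """
    return [n for n in notes if n.get('id') or n.get('identifier', '') not in processed]


def filter_new_fixed(notes, processed):
    """Compute the id first, then filter with an explicit membership check.

    Notes with no usable id are skipped instead of being resent on every run.
    """
    return [n for n in notes if note_id(n) and note_id(n) not in processed]


def run_once(notes, processed):
    """One poll with the fixed filter: returns the ids whose previews would be
    sent and records them in `processed` (the in-memory form of the state
    file) only after the send step. The send itself is left out here.
    """
    sent = []
    for note in filter_new_fixed(notes, processed):
        # send the preview for `note` here, then mark it as processed
        processed.add(note_id(note))
        sent.append(note_id(note))
    return sent


if __name__ == "__main__":
    print("buggy :", [note_id(n) for n in filter_new_buggy(SAMPLE_NOTES, set(SAMPLE_PROCESSED))])
    print("fixed :", [note_id(n) for n in filter_new_fixed(SAMPLE_NOTES, set(SAMPLE_PROCESSED))])
    state = set(SAMPLE_PROCESSED)
    print("run 1 :", run_once(SAMPLE_NOTES, state))   # new notes only
    print("run 2 :", run_once(SAMPLE_NOTES, state))   # nothing, state now holds them
```

With the buggy filter, the already-processed note "a" and the id-less note are returned every time, which is exactly the repeated-preview behaviour a cron schedule would amplify; with the fixed filter a second run over the same notes returns nothing.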

What this means

The skill can read Bear notes matching the chosen tag and use the user’s messaging setup to distribute previews.

Why it was flagged

The skill relies on local Bear access through a grizzly token and a configured BlueBubbles/iMessage channel. This is purpose-aligned but gives the workflow delegated access to private notes and messaging.

Skill content

- Bear running with `grizzly` CLI installed and token configured (`~/.config/grizzly/token`)
- BlueBubbles channel configured in OpenClaw gateway (`channels.bluebubbles`)

Recommendation

Use a dedicated share tag, verify the BlueBubbles target before running, and declare these credential/channel requirements clearly in metadata.

What this means

Private note titles and up to 280 characters of content may be sent to the configured recipient.

Why it was flagged

The workflow intentionally sends note previews through an OpenClaw gateway channel to an external iMessage target. That data flow is disclosed and purpose-aligned, but it crosses a sensitive boundary.

Skill content

Uses the `message` tool with `channel: "bluebubbles"`. Sends a compact preview:

Recommendation

Set BEAR_SHARE_TARGET carefully and consider requiring user confirmation before sending previews, particularly for scheduled runs.

What this means

Tagged Bear note excerpts remain in the canvas until removed and could be read or reused by later workflows.

Why it was flagged

The script stores note titles and up to 500 characters of content in a persistent JSON Canvas file. This is the intended behavior, but it creates reusable local context from note contents.

Skill content

display = f"## {title}\n\n{content[:500]}"
...
save_canvas(args.canvas, canvas)

Recommendation

Use a dedicated canvas for shareable material, avoid tagging sensitive notes, and document retention or cleanup expectations.