research-gif-enricher

Audited by ClawScan on May 11, 2026.

Overview

The skill mostly matches its advertised Bear-note workflow, but it batch-rewrites tagged notes using a Bear token without backup or confirmation and sends note-derived search terms to GIF services.

Before installing or running, back up Bear notes and review which notes are tagged 「待整理」. Use it only if you are comfortable granting Bear note read/write access and sharing note-derived GIF search terms externally; consider adding a dry run and safer tag-removal logic first.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the batch script can permanently modify many Bear notes, remove the organizing tag, and potentially overwrite recent or appended content.

Why it was flagged

For each tagged note, the script appends a GIF and then replaces the note with content captured before the append, with no backup, dry run, or per-note approval. This can overwrite note content or undo the append while removing the tag.

Skill content

printf '\n## Supporting Media\n\n![%s](%s)\n' "$ALT_TEXT" "$GIF_URL" | grizzly add-text --id "$NOTE_ID" --mode append ...
NEW_CONTENT=$(echo "$CONTENT" | sed 's/#待整理//g' ...)
echo "$NEW_CONTENT" | grizzly add-text --id "$NOTE_ID" --mode replace --token-file "$TOKEN_FILE"

Recommendation

Run only after backing up Bear notes. Add a dry-run and confirmation step, avoid full-content replace, and prefer a scoped tag-removal API or a single safe rewrite of the final intended note body.

What this means

Anyone running the skill is granting it read/write access to Bear notes reachable through that token.

Why it was flagged

The script uses a local Bear/grizzly token to read and modify notes. This is expected for the skill's purpose, but it is privileged access to the user's note database.

Skill content

TOKEN_FILE="${GRIZZLY_TOKEN_FILE:-$HOME/.config/grizzly/token}" ... grizzly open-tag ... --token-file "$TOKEN_FILE" ... grizzly add-text ... --token-file "$TOKEN_FILE"

Recommendation

Verify the token path, run the skill only under the intended user account, do not share the token, and review which notes carry the 「待整理」 tag before running.

What this means

Sensitive project names or topics in note titles may be revealed as GIF search terms.

Why it was flagged

GIF search queries are derived from Bear note titles and sent to gifgrep or Tenor. This is purpose-aligned, but it can disclose note-derived keywords to an external GIF provider.

Skill content

QUERY=$(echo "$TITLE" | python3 -c "...") ... curl -s "https://tenor.googleapis.com/v2/search?q=$(python3 ... "$QUERY")&key=AIzaSy...&limit=1"

Recommendation

Avoid running on sensitive notes, review generated queries when possible, or disable/replace the external Tenor fallback if privacy is important.

What this means

A future upstream change in grizzly could change behavior compared with what was reviewed here.

Why it was flagged

The install step uses an unpinned @latest Go module for grizzly. Installing grizzly is central to the skill, but the exact code version can change over time.

Skill content

module: github.com/tylerwince/grizzly/cmd/grizzly@latest

Recommendation

Pin grizzly to a reviewed version and install from a trusted source.