ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Manage Apple Notes

v1.0.1

Manage Apple Notes from the terminal using the inotes CLI. Use when asked to list, read, create, edit, delete, or search notes in Notes.app on macOS.

0· 1.1k·1 current·1 all-time
byWalker Wang@wangwalk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared requirements: macOS-only, requires the inotes binary, and the SKILL.md documents AppleScript-based local manipulation of Notes.app. Required binaries and OS restriction are appropriate for the stated purpose.
Instruction Scope
SKILL.md only instructs running the inotes CLI and common shell utilities (date, jq, curl for manual download). It directs local operations (list/read/create/edit/delete/search) against Notes.app via AppleScript and does not instruct collection or transmission of data to external endpoints. It correctly calls out the need to grant macOS Automation permission for the terminal to control Notes.app.
Install Mechanism
No install spec is embedded in the package (instruction-only), but SKILL.md recommends installing via Homebrew (wangwalk/tap/inotes) or downloading GitHub Releases and verifying SHA256. These are standard approaches; however, the recommended Homebrew tap is a third-party tap (wangwalk/tap) — users should verify the tap's provenance and signatures before installing.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate to a local CLI wrapper for Notes. The only required runtime permission is macOS Automation access for the terminal to control Notes.app, which is explicitly documented.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. It does require an explicit macOS Automation grant (user-controlled) for the terminal to operate on Notes.app — this is expected and is called out in the documentation.
Assessment
This skill is coherent and appears to do what it says: control Apple Notes locally via the inotes CLI. Before installing, verify the Homebrew tap and/or GitHub release you use (check the repository, release signatures/SHAs, and the maintainer), since the SKILL.md recommends a third-party tap. Be aware that granting Automation permission to your terminal gives any process run from that terminal access to control Notes.app — that can expose all your notes, so only grant it to trusted terminal apps and only after installing a verified binary. If you have high-sensitivity notes, inspect the inotes source on GitHub or run it in a restricted environment first. If you plan to export notes (e.g., to JSON files), ensure those files are stored securely and not uploaded unintentionally (iCloud sync or other backup services may send them off-device).

Like a lobster shell, security has layers — review code before you run it.

Plugin bundle (nix)
Skill pack · CLI binary · Config
SKILL.mdCLIConfig
CLI help (from plugin)
inotes --version
inotes status
latestvk970wy61r23kx8c7yfb9ctyccn80ydjt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSmacOS
Binsinotes

Comments