Manage Apple Notes

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for managing Apple Notes, but it legitimately needs Notes automation access and can read, edit, or delete notes, so users should use it deliberately.

Before installing, verify the inotes source and checksum. Only grant Notes Automation access if you are comfortable letting the CLI manage your notes. Ask the agent to show what it plans to change before edits, deletes, bulk archive actions, or exports, and avoid --force unless you are sure.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

If granted, the tool can read and change notes that may contain private, work, or account-related information.

Why it was flagged

Automation permission is necessary for the stated purpose, but it allows the CLI/terminal to access and modify Apple Notes data.

Skill content

⚠️ **Requires macOS Automation permission** for Notes.app ... supports all CRUD operations plus search.

Recommendation

Grant Notes Automation access only if you trust the inotes CLI, and revoke it in macOS Privacy & Security settings if no longer needed.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A mistaken command could delete or modify notes without an interactive confirmation prompt.

Why it was flagged

The skill documents destructive and prompt-bypassing options. They are expected for a Notes management CLI, but should not be used casually by an agent.

Skill content

inotes delete 1 --force      # skip confirmation ... Use `--no-input` to disable interactive prompts in non-interactive contexts.

Recommendation

Require explicit user confirmation for delete, edit, bulk archive, and export-all operations, especially before using --force or --no-input.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the external binary gives that binary local execution capability and Notes automation access once permission is granted.

Why it was flagged

The skill depends on an external CLI installed from a Homebrew tap or GitHub Release rather than code included in the skill package.

Skill content

brew install wangwalk/tap/inotes ... curl -LO https://github.com/wangwalk/inotes/releases/download/v0.1.2/inotes-0.1.2-universal-apple-darwin.tar.gz

Recommendation

Install only from the official project source, verify release checksums, and keep the CLI updated from a trusted channel.