Back to skill

Security audit

Manage Apple Notes

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local Apple Notes management helper, but it can read, export, edit, and delete sensitive notes once permission is granted.

Install only from the official inotes source, verify checksums if using the manual download, and grant Notes Automation permission only if you trust the CLI. Before allowing edits, deletes, exports, or bulk archive actions, ask the agent to show the exact notes, folder/account scope, and intended operation, and avoid --force or --no-input unless you have clearly authorized that specific action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents powerful note-management operations, including create, edit, delete, search, and bulk export, but does not clearly warn that these actions can expose or modify potentially sensitive Apple Notes content. In an agent context, this omission matters because notes often contain personal, financial, medical, or work data, and examples like full JSON export and bulk archive can lead to large-scale disclosure or unintended modification if used without explicit user awareness.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.