UpNote
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward UpNote automation helper that can create or open notes through the local UpNote app, with no evidence of hidden exfiltration or destructive behavior.
This skill appears safe for normal UpNote automation. Before installing, be aware that it can create notes and notebooks in your UpNote app, so only let it run commands with content and destinations you approve.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong content or notebook, the agent could create unwanted persistent notes or notebooks in UpNote.
The script constructs UpNote x-callback URLs and opens them, which can create notes/notebooks or open views in the local UpNote app. This matches the stated purpose, but it is still a local app automation capability that can change user data.
URL="upnote://x-callback-url/note/new?" ... open "$URL"
Use the skill only for intended UpNote actions, and review note titles, content, and notebook targets before running creation commands.
Users have less provenance information and may encounter platform/runtime mismatch, though the provided artifacts do not show hidden downloads or remote code execution.
The bundled script is visible and simple, but the registry metadata does not provide an upstream source/homepage and does not declare the local `open` command or UpNote app dependency used by the script.
Source: unknown; Homepage: none; Required binaries: none
Confirm you trust the publisher and that UpNote URL automation works on your system before relying on the skill.