apple-notes

Warn

Audited by Socket on Feb 23, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

BENIGN: The skill manifest describes a macOS Notes management CLI with standard install paths, explicit automation permissions for Apple Notes, and features consistent with the stated purpose. No suspicious data exfiltration, credential handling, or remote execution patterns are evident. The required automation access is a legitimate risk-area but proportional to the described functionality.

LLM verification: The documented skill correctly describes a tool to manage Apple Notes via a local CLI and necessarily requires macOS Automation permissions to operate. The primary security concern is supply‑chain risk: installing code from a third‑party Homebrew tap or via pip without pinned checksums/signatures can lead to a compromised package gaining access to all user notes. No explicit malicious code or obfuscation is visible in the provided documentation, but because the installed tool receives high‑sensi

Confidence: 75%
Severity: 75%

Audit Metadata
Analyzed At: Feb 23, 2026, 12:58 PM
Package URL: pkg:socket/skills-sh/Heldinhow%2Fopenclaw-swarm%2Fapple-notes%2F@9690bd37e606640796aa7c44b9344b13c341afd4