Skills
skills/heldinhow/openclaw-swarm/bear-notes/Gen Agent Trust Hub

bear-notes

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the grizzly CLI tool from a non-trusted GitHub repository (github.com/tylerwince/grizzly) using the Go module system during installation.
  • [COMMAND_EXECUTION]: Interacts with the Bear application by executing the grizzly binary through the shell, including piping content to and from the tool.
  • [DATA_EXFILTRATION]: Accesses the Bear API token stored at ~/.config/grizzly/token, which is a sensitive file containing authentication credentials.
  • [PROMPT_INJECTION]: Features an indirect prompt injection surface as it reads content from external notes that could contain malicious instructions.
  • Ingestion points: Note content is retrieved using grizzly open-note.
  • Boundary markers: No specific delimiters or warnings are used when processing note content.
  • Capability inventory: Subprocess execution (grizzly CLI) and local file access.
  • Sanitization: The skill does not explicitly sanitize or validate the content retrieved from notes before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 12:56 PM