bear-notes
Warn
Audited by Socket on Mar 14, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill's capabilities fit Bear note management, but its trust model is weaker than ideal because it installs an unpinned third-party CLI from a personal GitHub repo and forwards a Bear API token to that tool. Data flows appear locally consistent with Bear's x-callback API rather than overt exfiltration, so this is not confirmed malicious, but the external credential-handling dependency makes it medium risk.
Confidence: 89%
Severity: 66%
Audit Metadata