Get Notes Auto Sync
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/dashboard.jsandscripts/sync.jsfiles use Node.jschild_processmodules (exec,spawn) to manage synchronization tasks, trigger macOS system notifications via osascript, and open the local dashboard in the default web browser.\n- [EXTERNAL_DOWNLOADS]: During installation, the skill utilizes Playwright to download the Chromium browser binary, which is required for the automated authentication flow on biji.com.\n- [CREDENTIALS_UNSAFE]: The skill caches JWT authentication tokens and Playwright storage state in local files (.token-cache.json,.auth-state.json) to enable persistent sessions and background synchronization.\n- [DATA_EXFILTRATION]: The skill communicates with the official Get Notes API endpoints (get-notes.luojilab.com) to fetch note metadata, content, and audio transcriptions as part of its primary synchronization function.
Audit Metadata