Security Audit

apple-notes-custom

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

apple-notes-custom received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 8 findings: 6 critical, 0 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via unescaped LIMIT in AppleScript, Command Injection via unescaped QUERY in mdfind (Spotlight mode).

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

86%

Dependency Graph

100%

LLM Behavioral Safety

Behavioral Risk Signals

Shell Execution

8 findings

Dynamic Code

6 findings

Excessive Permissions

2 findings

Security Findings8

Severity	Finding	Layer	Location
CRITICAL	Command Injection via unescaped LIMIT in AppleScript The `LIMIT` variable, which is user-controlled, is directly interpolated into an `osascript` block without proper escaping for AppleScript. An attacker can inject arbitrary AppleScript commands, including `do shell script` to execute shell commands, leading to remote code execution. Escape the `$LIMIT` variable before interpolating it into the `osascript` block. For integer values, ensure strict type casting or validation. A safer approach would be to pass the limit as a parameter to `osascript` using `-e` flags or by writing it to a temporary file and reading it within AppleScript, or by using `printf %q` for shell-safe quoting if it were a string.	LLM	scripts/notes-list.sh:25
CRITICAL	Command Injection via unescaped QUERY in mdfind (Spotlight mode) In Spotlight search mode, the user-controlled `QUERY` variable is directly interpolated into the `mdfind` command string. This allows for shell command injection if the `QUERY` contains shell metacharacters (e.g., `$(command)` or backticks), leading to arbitrary code execution. Properly escape the `$QUERY` variable for shell execution before passing it to `mdfind`. Consider using `printf %q` or ensuring the variable is quoted and sanitized to prevent shell expansion.	LLM	scripts/notes-search.sh:37
CRITICAL	Command Injection via unescaped LIMIT in head command (Spotlight mode) In Spotlight search mode, the user-controlled `LIMIT` variable is directly interpolated into the `head -$LIMIT` command. This allows for shell command injection if `LIMIT` contains shell metacharacters, leading to arbitrary code execution. Properly escape the `$LIMIT` variable for shell execution. Ensure it is strictly an integer and validate it before use, or pass it as a separate argument to `head` if possible, ensuring it's quoted.	LLM	scripts/notes-search.sh:37
CRITICAL	AppleScript Injection via unescaped QUERY in AppleScript (Spotlight mode) In Spotlight search mode, within the `osascript` block, the user-controlled `QUERY` variable is directly interpolated into an AppleScript string comparison. This allows for AppleScript injection, including `do shell script` commands, leading to arbitrary code execution. Use the `escape_as` function (defined in `_resolve_folder.sh`) to sanitize the `$QUERY` variable before interpolating it into the `osascript` block. For example, `if name of n contains "$(escape_as "$QUERY")" then`.	LLM	scripts/notes-search.sh:49
CRITICAL	Command Injection via unescaped LIMIT in AppleScript (Regular search mode) In regular search mode, the `LIMIT` variable, which is user-controlled, is directly interpolated into an `osascript` block without proper escaping for AppleScript. An attacker can inject arbitrary AppleScript commands, including `do shell script` to execute shell commands, leading to remote code execution. Escape the `$LIMIT` variable before interpolating it into the `osascript` block. For integer values, ensure strict type casting or validation. A safer approach would be to pass the limit as a parameter to `osascript` using `-e` flags or by writing it to a temporary file and reading it within AppleScript, or by using `printf %q` for shell-safe quoting if it were a string.	LLM	scripts/notes-search.sh:74
CRITICAL	Command Injection via unescaped OUTPUT_DIR in mkdir The `OUTPUT_DIR` variable, which is user-controlled, is directly used in a `mkdir -p "$OUTPUT_DIR"` command without proper shell escaping. An attacker can inject shell metacharacters into `OUTPUT_DIR` to execute arbitrary commands. Sanitize the `$OUTPUT_DIR` variable to remove or escape any shell metacharacters before using it in `mkdir`. A robust solution would be to use `printf %q` to shell-quote the variable: `mkdir -p $(printf %q "$OUTPUT_DIR")`.	LLM	scripts/notes-attachment.sh:40
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/shad0wca7/apple-notes-applescript/scripts/notes-attachment.sh:18
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/shad0wca7/apple-notes-applescript/scripts/notes-read.sh:20

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/e26d45c40a4c5bc3.svg)](https://skillshield.io/report/e26d45c40a4c5bc3)