apple-notes

SUSPICIOUS: the skill’s purpose mostly matches its capabilities, but it depends on an external CLI and an on-demand fetched worker without clear provenance in the provided content. Sync credentials are proportionate, yet data is routed to a user-specified backend and plaintext titles/folder names leave the device, making this a medium-risk skill rather than a clearly benign one.