getnote-kb

SUSPICIOUS. The skill's capabilities are largely consistent with managing Get笔记 knowledge bases, and data appears to flow to official service endpoints rather than a third-party interceptor. The main concern is install/execution trust: the skill requires an external authenticated `getnote` CLI, but the exact binary and command surface are not cleanly verifiable from the evidence, creating medium supply-chain risk rather than clear malicious intent.