bear-notes

SUSPICIOUS: the skill’s purpose is coherent, and its data flow appears aimed at Bear’s local x-callback API, but it relies on an unrelated third-party CLI installed from a personal GitHub repo with an unpinned @latest version and forwards a Bear API token to that tool. This is a supply-chain and credential-handling risk rather than confirmed malware.