vitoropereira/bear-notes
.claude/skills/bear-notes/SKILL.md
Create, search, and manage Bear notes via grizzly CLI.
tools
Updated Apr 17, 2026
$ install --global
skillsauthnpx skillsauth add vitoropereira/claude-starter-kit bear-notesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Error
VirusTotalMulti-engine malware detection
70%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 24, 2026, 10:59 AM41.6s1 file scanned
SKILL.md
- name:
- bear-notes
- description:
- Create, search, and manage Bear notes via grizzly CLI.
- homepage:
- https://bear.app
- "emoji":
- 🐻",
- "os":
- ["darwin"],
- "requires":
- { "bins": ["grizzly"] },
- "id":
- go",
- "kind":
- go",
- "module":
- github.com/tylerwince/grizzly/cmd/grizzly@latest",
- "bins":
- ["grizzly"],
- "label":
- Install grizzly (go)",
Bear Notes
Use grizzly to create, read, and manage notes in Bear on macOS.
Requirements
- Bear app installed and running
- For some operations (add-text, tags, open-note --selected), a Bear app token (stored in
~/.config/grizzly/token)
Getting a Bear Token
For operations that require a token (add-text, tags, open-note --selected), you need an authentication token:
- Open Bear → Help → API Token → Copy Token
- Save it:
echo "YOUR_TOKEN" > ~/.config/grizzly/token
Common Commands
Create a note
echo "Note content here" | grizzly create --title "My Note" --tag work
grizzly create --title "Quick Note" --tag inbox < /dev/null
Open/read a note by ID
grizzly open-note --id "NOTE_ID" --enable-callback --json
Append text to a note
echo "Additional content" | grizzly add-text --id "NOTE_ID" --mode append --token-file ~/.config/grizzly/token
List all tags
grizzly tags --enable-callback --json --token-file ~/.config/grizzly/token
Search notes (via open-tag)
grizzly open-tag --name "work" --enable-callback --json
Options
Common flags:
--dry-run— Preview the URL without executing--print-url— Show the x-callback-url--enable-callback— Wait for Bear's response (needed for reading data)--json— Output as JSON (when using callbacks)--token-file PATH— Path to Bear API token file
Configuration
Grizzly reads config from (in priority order):
- CLI flags
- Environment variables (
GRIZZLY_TOKEN_FILE,GRIZZLY_CALLBACK_URL,GRIZZLY_TIMEOUT) .grizzly.tomlin current directory~/.config/grizzly/config.toml
Example ~/.config/grizzly/config.toml:
token_file = "~/.config/grizzly/token"
callback_url = "http://127.0.0.1:42123/success"
timeout = "5s"
Notes
- Bear must be running for commands to work
- Note IDs are Bear's internal identifiers (visible in note info or via callbacks)
- Use
--enable-callbackwhen you need to read data back from Bear - Some operations require a valid token (add-text, tags, open-note --selected)
Related Skills
vitoropereira/investor-outreach
testing
VerifiedTrustedCommunity
Draft cold emails, warm intro blurbs, follow-ups, update emails, and investor communications for fundraising. Use when the user wants outreach to angels, VCs, strategic investors, or accelerators and needs concise, personalized, investor-facing messaging.
SKILL.mdUpdated Apr 17, 2026
vitoropereira/investor-materials
testing
VerifiedTrustedCommunity
Create and update pitch decks, one-pagers, investor memos, accelerator applications, financial models, and fundraising materials. Use when the user needs investor-facing documents, projections, use-of-funds tables, milestone plans, or materials that must stay internally consistent across multiple fundraising assets.
SKILL.mdUpdated Apr 17, 2026
vitoropereira/imsg
tools
VerifiedTrustedCommunity
iMessage/SMS CLI for listing chats, history, and sending messages via Messages.app.
SKILL.mdUpdated Apr 17, 2026
vitoropereira/IDOR Vulnerability Testing
development
VerifiedTrustedCommunity
This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." Adapted for MGM-Web multi-tenant architecture.
SKILL.mdUpdated Apr 17, 2026