better-bear
mcp
Fail
Health Warn
- License — License: MIT
- No description — Repository has no description
- Active repo — Last push 0 days ago
- Community trust — 44 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in install.sh
- process.env — Environment variable access in mcp-server/src/bcli.ts
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool provides a CLI and MCP server for interacting with Bear notes via CloudKit, offering an alternative to direct SQLite database manipulation or x-callback-urls.
Security Assessment
The overall risk is rated as Medium. The primary security concern is the installation method: piping a remote script directly into bash (`curl | bash`). The rule-based scan failed after finding an `rm -rf` recursive force deletion command inside this install script, which could be dangerous if the script changes or is compromised. Additionally, the code accesses environment variables and makes network requests to CloudKit for syncing notes, which is expected for its functionality. No dangerous system permissions or hardcoded secrets were detected.
Quality Assessment
The project is actively maintained, with its most recent push occurring today. It uses the standard, permissive MIT license and has accrued 44 GitHub stars, indicating a fair level of community adoption and trust. A minor quality drawback is the lack of a description in the repository metadata, though the actual documentation is robust.
Verdict
Use with caution: the active maintenance and MIT license are positive signs, but users should manually review the install script before executing it to ensure the `rm -rf` command targets only the intended directories.
README.md
better-bear
A CLI and MCP server for Bear notes via CloudKit. No SQLite hacking, no x-callback-url.
Docs, install instructions, and full command reference: better-bear.com
Quick install
curl -sL https://raw.githubusercontent.com/mreider/better-bear-cli/main/install.sh | bash
bcli auth
Upgrade
bcli upgrade