Skill v1.2.0

ClawScan security

barkpush · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:09 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement the described Bark push functionality, but there are mismatches between its declared environment/metadata and the actual code (it reads environment variables and writes local state), and configuration choices (custom push URL, plaintext device keys) could be abused if misconfigured — review before installing.
Guidance
This skill's code matches its push-notification purpose, but check the following before installing:

- Inspect config.json (or the bundled example) and avoid putting high-value secrets there unless you trust the skill. Device keys are stored in plaintext by design.
- Be cautious about default_push_url: use only the official Bark endpoint (https://api.day.app) or a server you control. If the URL points at an untrusted host, the skill will POST device keys and message payloads to that host.
- Environment overrides (the tests reference BARK_USERS and BARK_CIPHERTEXT) are supported even though the skill metadata lists no required env vars. If you rely on environment variables, confirm their names and values.
- The skill creates a state directory (e.g. ~/.bark-push or .bark-push) and writes history and config files there; review and secure those files if they contain sensitive keys.

If you need higher assurance, review the bundled Python files (config_manager.py, bark_api.py, user_manager.py) to confirm exactly which env vars are read and that the network targets are acceptable. If you cannot review the code, treat the skill as untrusted and avoid storing sensitive device keys in its config.

Review Dimensions

Purpose & Capability
note: The code and documentation implement a Bark push client (user aliases, history, content parsing, update/delete), which matches the name and description. However, the metadata in SKILL.md declares no required environment variables, while the code and tests reference environment overrides (e.g. BARK_USERS, BARK_CIPHERTEXT) and the config allows a custom default_push_url. These are functional but undeclared in the skill metadata, an inconsistency worth noting.
Instruction Scope
ok: SKILL.md and the code limit actions to reading/writing a local state directory (config + history), parsing content, and posting push payloads to the configured Bark endpoint. The instructions do not ask the agent to read unrelated system files or exfiltrate arbitrary data. Network activity is targeted at the configured push endpoint.
Install Mechanism
ok: No external install/download spec is present; the bundle contains Python source and docs. There are no remote archive downloads or installers in the manifest. Install risk is lower because nothing is fetched from arbitrary URLs during install.
Credentials
concern: The skill declares no required env vars, but the tests and code accept environment overrides (BARK_USERS, BARK_CIPHERTEXT) and may accept others (the architecture docs mention env overrides). The skill relies on device keys stored in plaintext in config.json. A malicious or mistaken default_push_url (or an environment override) could cause device keys and payloads to be posted to an attacker-controlled endpoint. Requesting no credentials in the registry while supporting env overrides is an inconsistency that reduces transparency.
Persistence & Privilege
note: The skill writes state into a dedicated state dir (e.g. ~/.bark-push, or ./config.json and history.json in the working directory). The manifest sets always:false, and no modifications to other skills or system-wide settings are present. Persisting config and history is expected for this functionality, but users should be aware that the skill will create and modify files in their home or working directory.
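The Guidance, Credentials and Persistence sections above all come down to three checks a reviewer can run before installing: is default_push_url the official Bark host (or one you control) over HTTPS, which environment variables do the bundled Python files actually read, and is the state directory owner-only. The script below is an added example, not code from barkpush or ClawHub. It assumes a config.json shaped like {"default_push_url": ..., "users": {alias: {"device_key": ...}}}; the skill's real schema is not shown on this page. The config and source snippet it analyses are constructed inline so it runs offline; point audit_config and find_env_reads at the real config.json and at config_manager.py, bark_api.py and user_manager.py to review the actual bundle.

```python
"""Pre-install review helper for a Bark push skill (added example, not skill code).

Assumed config shape: {"default_push_url": str, "users": {alias: {"device_key": str}}}.
"""
import json
import os
import re
import stat
import tempfile
from urllib.parse import urlparse

# Official Bark endpoint named in the scan guidance; add servers you control.
ALLOWED_PUSH_HOSTS = {"api.day.app"}

# Matches os.environ["X"], os.environ.get("X") and os.getenv("X") in Python source.
ENV_READ_RE = re.compile(
    r"""os\.(?:environ(?:\.get)?\s*[\[\(]|getenv\s*\()\s*['"]([A-Z0-9_]+)['"]"""
)


def check_push_url(url):
    """Return findings for a default_push_url; an empty list means acceptable."""
    findings = []
    parsed = urlparse(url or "")
    if parsed.scheme != "https":
        findings.append(
            f"scheme '{parsed.scheme}' is not https: device keys would travel in cleartext"
        )
    host = (parsed.hostname or "").lower()
    if host not in ALLOWED_PUSH_HOSTS:
        findings.append(f"host '{host}' is not the official Bark endpoint or an allowlisted server")
    return findings


def find_env_reads(source_text):
    """Return the set of environment variable names a Python source reads."""
    return set(ENV_READ_RE.findall(source_text))


def audit_config(config):
    """Flag an untrusted push endpoint and plaintext device keys in a parsed config."""
    findings = check_push_url(config.get("default_push_url"))
    for alias, entry in config.get("users", {}).items():
        if isinstance(entry, dict) and entry.get("device_key"):
            findings.append(f"user '{alias}' has a plaintext device_key in config.json")
    return findings


def check_state_dir_mode(path):
    """Flag a state directory that group or other can read/write (expect 0700)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [] if mode & 0o077 == 0 else [f"{path} mode {oct(mode)} is not owner-only"]


def demo_state_dir_check():
    """Scratch dir (stands in for ~/.bark-push): findings at 0700 vs 0755."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        strict = check_state_dir_mode(d)
        os.chmod(d, 0o755)
        loose = check_state_dir_mode(d)
    return strict, loose


# Constructed sample config: a misconfigured custom URL plus a plaintext key.
SAMPLE_CONFIG = json.loads("""
{
  "default_push_url": "http://push.example.net/bark",
  "users": {"me": {"device_key": "AbCdEf0123456789"}}
}
""")

# Constructed sample source; BARK_USERS and BARK_CIPHERTEXT are the names the
# scan mentions, EXAMPLE_EXTRA_VAR is hypothetical and only shows the third form.
SAMPLE_SOURCE = '''
users = os.environ.get("BARK_USERS")
cipher = os.getenv("BARK_CIPHERTEXT", "")
extra = os.environ["EXAMPLE_EXTRA_VAR"]
'''


def main():
    for finding in audit_config(SAMPLE_CONFIG):
        print("config:", finding)
    print("env reads:", sorted(find_env_reads(SAMPLE_SOURCE)))
    strict, loose = demo_state_dir_check()
    print("state dir 0700:", strict or "ok", "| 0755:", loose)


if __name__ == "__main__":
    main()
```

The URL check deliberately rejects plain http as well as unknown hosts, because the guidance's concern (device keys and payloads posted to a host you do not trust) applies equally to anyone on the network path when the transport is cleartext. The env-var scan is a regex over source text, so it will miss indirect reads (a name built at runtime or read via a wrapper); treat it as a starting point for the manual review the guidance recommends, not a substitute for it.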