Security audit
Agent Bark Notify
Security checks across malware telemetry and agentic risk
Overview
This is a narrowly scoped Bark notification helper, with disclosed credential handling, but the scanned package appears to omit the script it tells agents to run.
Before installing, confirm the package includes the referenced bark-notify.py script in the version you receive. If you use it, keep the Bark device key out of repositories, store it only in private local config, and review notification text and any server/icon overrides before sending.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
