Back to skill

Security audit

Agent Bark Notify

Security checks across malware telemetry and agentic risk

Overview

This is a narrowly scoped Bark notification helper, with disclosed credential handling, but the scanned package appears to omit the script it tells agents to run.

Before installing, confirm the package includes the referenced bark-notify.py script in the version you receive. If you use it, keep the Bark device key out of repositories, store it only in private local config, and review notification text and any server/icon overrides before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.