ClawHub

Bark Notifications

v1.0.0

Send push notifications to iOS devices via Bark app (https://github.com/Finb/Bark). Use when user asks to push a notification to their iPhone, send a Bark no...

0· 75·0 current·0 all-time
by@yanbo92
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Bark push notifications) align with the instructions: the skill reads a Bark key and sends requests to the Bark API. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions are narrowly scoped to reading/writing ~/.bark/key and calling the Bark API via curl. This is appropriate for the stated purpose, but the skill explicitly instructs the agent to write a plaintext key file in the user's home directory and to execute shell commands (curl), which are privacy/safety-relevant actions the user should consent to.
Install Mechanism
No install spec or external downloads; skill is instruction-only, so nothing is written to disk by an installer. This is the lowest-risk install profile.
Credentials
No environment variables or external credentials are requested. The only secret is the Bark key stored in ~/.bark/key (plain text). Requesting a single service key is proportional, but storing it unencrypted in the home directory is a potential privacy concern.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill writes/reads a file in the user's home (~/.bark/key), giving it persistent local state; it does not modify other skills or system-wide settings. Users should be aware the agent will retain the key on disk unless removed.
Assessment
This skill is coherent with its purpose but performs two sensitive actions: it will execute curl (network access) and write your Bark key in plaintext to ~/.bark/key. Only install/use it if you trust the agent. Suggested precautions: (1) provide a throwaway or limited Bark key if possible, (2) prefer entering the key on demand rather than permanently storing it, (3) if you store the key, set tight permissions (chmod 600 ~/.bark/key) and remove the file when you no longer want the skill to send notifications, (4) verify that the agent has no other unexpected shell/network privileges, and (5) consider using a self-hosted Bark endpoint if you want to avoid the public api.day.app. If you are uncomfortable with the agent writing secrets to disk, send Bark notifications manually via curl instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk973cart2vnc1xzdp46a0yg6518457gm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments