Historial de auditorías
bark-notify - 6 auditorías
Versión de auditoría 6
Más reciente Riesgo medioJun 28, 2026, 08:16 PM
AI review did not confirm malicious intent or prompt injection. The critical static heuristic is explained by the skill purpose: it runs a local helper, reads notification configuration, and sends a Bark push request. Publish with a warning because task summaries and the Bark key can leave the local environment.
Problemas de riesgo medio (3)
Problemas de riesgo bajo (3)
Factores de riesgo
⚡ Contiene scripts (2)
🌐 Acceso a red (2)
🔑 Variables de entorno (1)
⚙️ Comandos externos (1)
📁 Acceso al sistema de archivos (2)
Patrones detectados
Versión de auditoría 5
SeguroJan 16, 2026, 08:46 PM
All 42 static findings are false positives. The scanner misinterpreted YAML frontmatter fields as 'weak cryptographic algorithms', bash escaping quotes as 'path traversal sequences', and standard config file paths as 'hidden file' access. This is a legitimate notification utility that reads environment variables for API configuration, reads project metadata from AGENTS.md files, and sends push notifications to the official Bark API (api.day.app). The credential access pattern is explicitly documented and required for the skill's intended function.
Factores de riesgo
🔑 Variables de entorno (1)
📁 Acceso al sistema de archivos (1)
🌐 Acceso a red (1)
Versión de auditoría 4
SeguroJan 16, 2026, 08:46 PM
All 42 static findings are false positives. The scanner misinterpreted YAML frontmatter fields as 'weak cryptographic algorithms', bash escaping quotes as 'path traversal sequences', and standard config file paths as 'hidden file' access. This is a legitimate notification utility that reads environment variables for API configuration, reads project metadata from AGENTS.md files, and sends push notifications to the official Bark API (api.day.app). The credential access pattern is explicitly documented and required for the skill's intended function.
Factores de riesgo
🔑 Variables de entorno (1)
📁 Acceso al sistema de archivos (1)
🌐 Acceso a red (1)
Versión de auditoría 3
Riesgo bajoJan 8, 2026, 05:56 AM
Legitimate notification utility that reads environment variables for API configuration, reads project metadata from AGENTS.md files, and sends push notifications to the official Bark API (api.day.app). No suspicious patterns detected.
Factores de riesgo
🔑 Variables de entorno (1)
📁 Acceso al sistema de archivos (1)
🌐 Acceso a red (1)
⚡ Contiene scripts (1)
Versión de auditoría 2
Riesgo bajoJan 8, 2026, 05:56 AM
Legitimate notification utility that reads environment variables for API configuration, reads project metadata from AGENTS.md files, and sends push notifications to the official Bark API (api.day.app). No suspicious patterns detected.
Factores de riesgo
🔑 Variables de entorno (1)
📁 Acceso al sistema de archivos (1)
🌐 Acceso a red (1)
⚡ Contiene scripts (1)
Versión de auditoría 1
Riesgo bajoJan 8, 2026, 05:56 AM
Legitimate notification utility that reads environment variables for API configuration, reads project metadata from AGENTS.md files, and sends push notifications to the official Bark API (api.day.app). No suspicious patterns detected.