История аудитов
bark-notify - 6 аудиты
Версия аудита 6
Последняя Средний рискJun 28, 2026, 08:16 PM
AI review did not confirm malicious intent or prompt injection. The critical static heuristic is explained by the skill purpose: it runs a local helper, reads notification configuration, and sends a Bark push request. Publish with a warning because task summaries and the Bark key can leave the local environment.
Проблемы среднего риска (3)
Проблемы низкого риска (3)
Факторы риска
⚡ Содержит скрипты (2)
🌐 Доступ к сети (2)
🔑 Переменные окружения (1)
⚙️ Внешние команды (1)
📁 Доступ к файловой системе (2)
Обнаруженные паттерны
Версия аудита 5
БезопасноJan 16, 2026, 08:46 PM
All 42 static findings are false positives. The scanner misinterpreted YAML frontmatter fields as 'weak cryptographic algorithms', bash escaping quotes as 'path traversal sequences', and standard config file paths as 'hidden file' access. This is a legitimate notification utility that reads environment variables for API configuration, reads project metadata from AGENTS.md files, and sends push notifications to the official Bark API (api.day.app). The credential access pattern is explicitly documented and required for the skill's intended function.
Факторы риска
🔑 Переменные окружения (1)
📁 Доступ к файловой системе (1)
🌐 Доступ к сети (1)
Версия аудита 4
БезопасноJan 16, 2026, 08:46 PM
All 42 static findings are false positives. The scanner misinterpreted YAML frontmatter fields as 'weak cryptographic algorithms', bash escaping quotes as 'path traversal sequences', and standard config file paths as 'hidden file' access. This is a legitimate notification utility that reads environment variables for API configuration, reads project metadata from AGENTS.md files, and sends push notifications to the official Bark API (api.day.app). The credential access pattern is explicitly documented and required for the skill's intended function.
Факторы риска
🔑 Переменные окружения (1)
📁 Доступ к файловой системе (1)
🌐 Доступ к сети (1)
Версия аудита 3
Низкий рискJan 8, 2026, 05:56 AM
Legitimate notification utility that reads environment variables for API configuration, reads project metadata from AGENTS.md files, and sends push notifications to the official Bark API (api.day.app). No suspicious patterns detected.
Факторы риска
🔑 Переменные окружения (1)
📁 Доступ к файловой системе (1)
🌐 Доступ к сети (1)
⚡ Содержит скрипты (1)
Версия аудита 2
Низкий рискJan 8, 2026, 05:56 AM
Legitimate notification utility that reads environment variables for API configuration, reads project metadata from AGENTS.md files, and sends push notifications to the official Bark API (api.day.app). No suspicious patterns detected.
Факторы риска
🔑 Переменные окружения (1)
📁 Доступ к файловой системе (1)
🌐 Доступ к сети (1)
⚡ Содержит скрипты (1)
Версия аудита 1
Низкий рискJan 8, 2026, 05:56 AM
Legitimate notification utility that reads environment variables for API configuration, reads project metadata from AGENTS.md files, and sends push notifications to the official Bark API (api.day.app). No suspicious patterns detected.