bear-notes
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation process fetches a Go binary from a personal GitHub repository (github.com/tylerwince/grizzly), which is not a verified vendor or trusted organization.
- [COMMAND_EXECUTION]: The skill relies on shell command execution to interact with the grizzly tool and the local filesystem, including the use of pipes and input/output redirection.
- [CREDENTIALS_UNSAFE]: The skill facilitates the handling of a Bear API token and specifies its storage in a plaintext file on the local filesystem (~/.config/grizzly/token).
Audit Metadata