asc-notarization

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Executes several macOS system utilities including security, xcodebuild, codesign, ditto, and hdiutil to manage code signing identities, archive applications, and create distribution packages.- [COMMAND_EXECUTION]: Utilizes the asc CLI tool to interact with Apple's Notary API v2 for submitting binaries and checking notarization status.- [COMMAND_EXECUTION]: Performs sensitive keychain operations, such as security find-identity and security find-certificate, to locate signing assets.- [COMMAND_EXECUTION]: Includes a troubleshooting step that uses security remove-trusted-cert to clear custom trust overrides that can interfere with the Developer ID certificate chain.- [EXTERNAL_DOWNLOADS]: Fetches notarization logs from a remote URL (LOG_URL) provided by the service response to debug failures.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 08:50 AM
Security Audit — agent-trust-hub — asc-notarization