Skills
skills/openclaw/skills/pushover-notify/Gen Agent Trust Hub

pushover-notify

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOW
Full Analysis

The skill consists of a Markdown instruction file, a metadata file, an API reference, and a Node.js script (scripts/pushover_send.js).

  1. Prompt Injection: No patterns indicative of prompt injection were found in any of the files.
  2. Data Exfiltration: The Node.js script makes an HTTP POST request to https://api.pushover.net/1/messages.json. This is the core functionality of the skill, sending user-provided message content and credentials (Pushover app token and user key) to the legitimate Pushover API. Credentials are correctly handled via environment variables, and the skill explicitly advises against hardcoding them. This is considered intended and non-malicious data transmission to a third-party service, not exfiltration.
  3. Obfuscation: No obfuscated content (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) was detected in any of the files.
  4. Unverifiable Dependencies: The Node.js script uses the fetch API. In modern Node.js environments (v18+), fetch is built-in. The skill does not include any npm install or similar commands, implying it relies on native Node.js capabilities. No external code downloads or installations from unverified sources were identified.
  5. Privilege Escalation: No commands like sudo, chmod 777, or attempts to modify system-level files were found.
  6. Persistence Mechanisms: No attempts to modify shell configuration files (.bashrc, .zshrc), create cron jobs, or establish other persistence mechanisms were detected.
  7. Metadata Poisoning: The _meta.json file and SKILL.md metadata fields are clean and do not contain any hidden malicious instructions.
  8. Indirect Prompt Injection: This skill is an output mechanism (sending notifications) and does not process external content that could be used for indirect prompt injection into the LLM.
  9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, usage counts, or specific environments that would trigger delayed malicious behavior was found.

Overall, the skill is well-behaved, transparent, and performs its stated function without introducing any security risks.

Audit Metadata
Risk Level
LOW
Analyzed
Feb 12, 2026, 11:50 PM