gotify

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the system binaries curl and jq within scripts/send.sh to construct API payloads and perform network requests to the Gotify server.
  • [DATA_EXFILTRATION]: The script transmits notification data (title, message, and priority) and an application token to a user-defined Gotify server URL. This behavior is documented and is the core intended functionality of the skill.
  • [SAFE]: Secret management is handled securely by instructing the user to store API tokens and server URLs in a local configuration file at ~/.clawdbot/credentials/gotify/config.json, avoiding hardcoded secrets in the code.
  • [SAFE]: The shell script uses jq --arg to build the JSON payload, which ensures that user-supplied text for the message and title is properly escaped, preventing JSON or command injection during the transmission process.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:25 AM