ntfy-notify
v1.0.5
Send ntfy.sh notifications with curl, including advanced headers like title, priority, tags, click links, action buttons, and image attachments. Use when a u...
by 拜拜是大猫 (@bigcat-byebye)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the delivered artifacts: SKILL.md + a shell script that builds a curl request to https://ntfy.sh/<topic>. One minor inconsistency: the skill invokes curl (and date) but the metadata does not declare curl as a required binary. The script also hard-codes a default topic (CaptainDragonflyBot-TopicTest001) and a default message containing the author's name, which is a behavior users should be aware of.
Instruction Scope
Runtime instructions tell the agent to run the provided scripts/send_ntfy.sh. The script only constructs a curl POST with optional ntfy headers and posts to ntfy.sh/<topic>. It does not read local files, environment variables, or other system configuration, nor does it transmit data to endpoints other than ntfy.sh (the Attach/Click/Actions values are sent as headers, and may contain external URLs supplied by the caller).
Install Mechanism
No install spec; this is instruction-only plus a bundled shell script. Nothing is downloaded or written to disk at install time. Low-risk install profile. Again, the script assumes curl is present but that binary was not declared.
Credentials
The skill requests no environment variables, credentials, or config paths. The absence of credentials means it only posts to public ntfy topics; there is no covert credential access.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It does not modify other skills or agent configuration. No elevated persistence or privileges are requested.
Assessment
This skill appears to do what it says: run the included shell script to send messages to ntfy.sh. Before installing, note: (1) ensure curl (and a POSIX date) are available on the runtime host — the skill does not declare curl as a required binary; (2) messages are posted to ntfy.sh topics — unless you use a private/authenticated topic, posted messages may be publicly visible on that topic; (3) the script hard-codes a default topic and a default message with the author’s name — change or remove those defaults if you don’t want messages sent to that topic; (4) Attach/Click/Actions fields may include external URLs supplied by callers (the ntfy server or recipients may fetch those URLs), so avoid passing untrusted inputs you don’t want redistributed. If you need authenticated/private notifications, plan to modify the script to add appropriate headers or environment-based credentials.
Like a lobster shell, security has layers — review code before you run it.
Tags: automation, curl, latest, notifications, ntfy
