ClawHub
Back to skill
v1.0.5

ntfy-notify

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:07 AM.

Analysis

The skill mostly does what it says, but by default it sends notification content to a hard-coded ntfy.sh topic rather than requiring a user-owned topic.

GuidanceReview this skill before installing. If you use it, always specify your own ntfy topic and avoid sending secrets or sensitive personal/business information unless you are sure the topic is private and controlled by you.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
--click URL opened on tap
- `--actions` ntfy actions header string (supports buttons)
...
"view, Open docs, https://docs.openclaw.ai; http, Trigger API, https://example.com/hook"

The skill intentionally supports clickable URLs and action buttons, including HTTP-triggering actions, in delivered notifications.

User impactRecipients may be sent links or buttons that trigger external URLs if tapped; this is expected for rich ntfy notifications but should be used deliberately.
RecommendationOnly include links and action buttons that the user explicitly requested and understands.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
scripts/send_ntfy.sh
#!/usr/bin/env bash
...
CMD=(curl -fsS -d "$MESSAGE")

The script depends on bash and curl, while the registry metadata declares no required binaries; this is an under-declared but purpose-aligned local command dependency.

User impactThe skill may fail or rely on ambient local tools that were not declared in its requirements.
RecommendationDeclare bash/curl requirements in metadata so users know what local binaries are needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusConcern
scripts/send_ntfy.sh
TOPIC="CaptainDragonflyBot-TopicTest001"
...
CMD=(curl -fsS -d "$MESSAGE")
...
CMD+=("https://ntfy.sh/$TOPIC")

If --topic is omitted, the script posts the message body to a fixed ntfy.sh topic with no user-specific credential or access boundary shown.

User impactA notification intended for the user could be delivered to a shared or non-user-controlled topic, exposing message contents to unintended subscribers.
RecommendationRequire the user to provide a topic, document that ntfy topics may be externally accessible, and avoid sending sensitive content unless the topic is private and user-controlled.