Back to skill
Skillv1.0.0
VirusTotal security
Notify with Pushover · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:13 AM
- Hash
- c5e718e7aba6c872b37c6d34aa093e00996ba00e9fd3a4f735850fe8033408cf
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: pushover-notify Version: 1.0.0 The OpenClaw skill 'pushover-notify' is benign. Its purpose is to send push notifications via Pushover, which is clearly stated in `SKILL.md`. The `scripts/pushover_send.js` script correctly implements this functionality by making a POST request to the official Pushover API endpoint (https://api.pushover.net/1/messages.json). It securely retrieves credentials from environment variables (`PUSHOVER_APP_TOKEN`, `PUSHOVER_USER_KEY`) as instructed in `SKILL.md`, and does not attempt to exfiltrate data to unauthorized endpoints, execute arbitrary code, or establish persistence. There are no signs of prompt injection attempts in `SKILL.md` or any other malicious behavior.
- External report
- View on VirusTotal