Notify
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: notify Version: 1.0.1 The skill bundle contains metadata and detailed instructions for an AI agent on how to deliver notifications effectively. The `SKILL.md` file outlines best practices for channel selection, timing, formatting, and escalation, explicitly advising against spam and unauthorized contact. There are no instructions for the agent to perform malicious actions like data exfiltration, arbitrary command execution, or prompt injection attempts to bypass user intent or access sensitive data. All content is aligned with the stated purpose of 'Smart Notification Delivery'.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may notify the user immediately, including outside quiet hours, for events it considers critical.
The skill guides an agent to send urgent notifications across channels and sometimes bypass quiet hours. This is expected for notification handling, but it can interrupt users if criticality or channels are misconfigured.
System down, security alert | Push + primary chat | Immediate, 24/7 ... Critical (level 5) can break quiet hours
Define notification channels, timezone, quiet hours, and what counts as critical before relying on this skill.
Notification history or watch lists could expose sensitive project, security, or operational details if stored or shared carelessly.
The skill description indicates persistent tracking and logging of notification activity. This is aligned with notification management, but watched conditions and sent-message logs may reveal sensitive workflows.
Track what's being watched, log what's been sent.
Keep notification logs scoped to the intended user or workspace, avoid logging unnecessary sensitive content, and periodically clean up old entries.