ClawHub

Gotify

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Gotify notification sender, with expected network access and token use disclosed in the docs.

Install only if you trust the package and the Gotify server you configure. Use HTTPS, create a Gotify app token limited to message creation, restrict the credential file permissions, and avoid putting secrets or highly sensitive details in notification text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to invoke shell commands (`bash scripts/send.sh ...`) but does not declare corresponding permissions. This creates a capability mismatch where an auditor or runtime may underestimate what the skill can do, increasing the chance of unintended command execution and reducing policy enforcement visibility.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger description contains broad natural-language phrases like 'notify me when this finishes' and 'push notification,' which are common in normal conversation and could cause the skill to activate in contexts the user did not intend. Because the skill performs shell-based actions and network notification sending, accidental invocation could leak task details or alter workflows unexpectedly.

Session Persistence

Medium
Category
Rogue Agent
Content
## Setup

Create the credentials file: `~/.clawdbot/credentials/gotify/config.json`

```json
{
Confidence
84% confidence
Finding
Create the credentials file: `~/.clawdbot

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal