Back to skill

Security audit

Gotify

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Gotify notification skill with expected network use and token storage for its stated purpose.

Install this only if you want Clawbot to send Gotify push notifications. Use HTTPS, create a Gotify token limited to message creation, keep the credential file private, and avoid putting secrets or highly sensitive task details in notification messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly instructs the agent to execute shell commands such as `bash scripts/send.sh`, but the metadata declares only required binaries and no explicit permissions model. That mismatch can cause the platform or user to underestimate the skill's execution capabilities, increasing the chance of unintended command execution in contexts where shell use should be gated or reviewed.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad, including generic requests like "notify me when this finishes" and "push notification," which may cause the skill to activate in situations the user did not specifically intend for Gotify. In this skill, activation can lead to shell command generation/execution and outbound network requests containing task names, status, or other potentially sensitive content, so accidental invocation has real security and privacy impact.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.