Pushover
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a disclosed Pushover integration, but it requires Membrane/Pushover authorization and can change notification groups or send emergency notifications, so actions should be reviewed before use.
This skill is coherent for managing Pushover through Membrane. Before installing, verify the Membrane CLI package, understand that authentication/credential refresh is handled by Membrane, and require explicit review for actions that change groups, disable users, or send emergency notifications.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change group membership, disable delivery to users, or send/cancel important notifications if instructed to do so.
The skill exposes mutating Pushover operations and emergency notification actions. These fit the stated integration purpose, but they can affect users' notification delivery and should be user-directed.
| Disable User in Group | ... stop sending notifications | ... | Remove User from Group | ... | Send Emergency Message |
Confirm the target user/group, message contents, and emergency-notification intent before allowing mutating actions.
Installing and using the skill may grant Membrane-managed access to the connected Pushover account or API credentials.
The integration requires delegated account access and credential handling through Membrane. This is expected for a Pushover connector, but it is still sensitive authority.
Requires network access and a valid Membrane account ... Membrane handles authentication and credentials refresh automatically
Use only an account you intend the agent to access, review Membrane connection permissions, and revoke the connection if no longer needed.
Users will run whatever version is current in the package registry at install time.
The setup uses a globally installed, unpinned latest CLI package. This is central to the Membrane-based workflow, but it means the installed code is not fixed to a reviewed version.
npm install -g @membranehq/cli@latest
Prefer a pinned CLI version where possible and verify the package source before installing globally.