ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Remindy

v1.0.0

Email and browser push notification reminders delivered 15 minutes before scheduled events.

0· 75·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for krishnakumarmahadevan-cmd/toolweb-remindy.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Remindy" (krishnakumarmahadevan-cmd/toolweb-remindy) from ClawHub.
Skill page: https://clawhub.ai/krishnakumarmahadevan-cmd/toolweb-remindy
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install toolweb-remindy

ClawHub CLI

Package manager switcher

npx clawhub@latest install toolweb-remindy
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included API docs (endpoints for creating/listing reminders, push subscription, VAPID key). However the package provides only documentation (no host URL, no security scheme, no required credentials) while the pricing and hosted-service language imply an external, authenticated API. A real production reminder service would normally publish a base server URL and an authentication mechanism (API key, OAuth) — their absence is unexpected.
Instruction Scope
SKILL.md is a specification-style usage doc and does not instruct the agent to read local files, environment variables, or system state, nor to run shell commands. It stays within the scope of describing HTTP endpoints and request/response shapes. However the docs reference relative endpoints (e.g., /api/reminders/create) without a base URL, which would force an agent or integrator to guess or request a host, creating ambiguity.
Install Mechanism
There is no install specification and no code files to be written to disk. Instruction-only skills are lower risk; nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials. That is reasonable for a pure documentation/spec asset, but surprising for a service that sends email and push notifications: production use normally requires API keys, SMTP credentials, or similar secrets. The lack of declared auth could lead integrators or agents to supply credentials in an ad-hoc way, which is risky.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not request system or other-skill configuration modifications. Autonomous invocation is allowed by default but is not combined with other high-privilege requests here.
What to consider before installing
This skill appears to be API documentation for a hosted reminder service rather than runnable code; however important trust and operational details are missing. Before installing or using it: 1) Ask the publisher for the service base URL and an explanation of how authentication is performed (API key, OAuth, etc.). Do not paste secrets into chat. 2) Verify the publisher/source (there is no homepage and source is unknown); prefer skills from known providers. 3) If you plan to integrate, test against a staging/dummy account first and confirm TLS and authentication. 4) Treat any prompts from the agent requesting credentials or tokens as sensitive — prefer to provide short-lived tokens and revoke them after testing. 5) If you need a hosted reminder service, consider a provider with documented security (privacy policy, contact, and published base URLs) or implement server-side components under your control. These gaps make the skill suspicious but not definitively malicious; additional information about the service operator and its authentication model would raise confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk972tzb0x0b55z5kvt4jgzn3bn8494kt
75downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
ToolWeb@krishnakumarmahadevan-cmd
latest
Download

Overview

Remindy is a smart reminder service that delivers timely notifications via email and browser push notifications. The service automatically triggers reminders 15 minutes before your scheduled events, ensuring you never miss important dates, meetings, or tasks. Built with security best practices, Remindy integrates seamlessly with web applications through push subscription management and flexible reminder scheduling.

Remindy supports multiple notification channels including email and browser push notifications, with full timezone awareness. Users can create, manage, and delete reminders while maintaining complete control over their notification preferences. The service uses the Web Push Protocol (VAPID) for secure browser notifications, making it ideal for productivity applications, event management systems, and personal scheduling tools.

Whether you're building a project management platform, calendar application, or task tracking system, Remindy provides a reliable backend for user notification management with minimal integration overhead.

Usage

Create a Reminder

POST /api/reminders/create

{
  "userId": 12345,
  "title": "Team Meeting",
  "description": "Quarterly planning session with stakeholders",
  "remindAt": "2025-01-15T14:00:00",
  "timezone": "America/New_York",
  "channel": "email",
  "notifyEmail": "john.doe@example.com"
}

Response:

{
  "success": true,
  "reminderId": "reminder_abc123xyz",
  "message": "Reminder created successfully",
  "scheduledFor": "2025-01-15T14:00:00"
}

List Reminders

POST /api/reminders/list

{
  "userId": 12345
}

Response:

{
  "reminders": [
    {
      "reminderId": "reminder_abc123xyz",
      "title": "Team Meeting",
      "description": "Quarterly planning session with stakeholders",
      "remindAt": "2025-01-15T14:00:00",
      "timezone": "America/New_York",
      "channel": "email",
      "status": "active",
      "createdAt": "2025-01-10T09:30:00"
    },
    {
      "reminderId": "reminder_def456uvw",
      "title": "Project Deadline",
      "description": null,
      "remindAt": "2025-01-20T17:00:00",
      "timezone": "UTC",
      "channel": "push",
      "status": "active",
      "createdAt": "2025-01-10T10:15:00"
    }
  ],
  "total": 2
}

Endpoints

Push Notifications

POST /api/push/subscribe

Save or update a user's push subscription for browser notifications.

Parameters:

  • userId (integer, required): Unique user identifier
  • endpoint (string, required): Browser push service endpoint URL
  • p256dh (string, required): Diffie-Hellman public key for encryption
  • auth (string, required): Authentication secret for push messages

Response:

{
  "success": true,
  "message": "Push subscription saved"
}

POST /api/push/unsubscribe

Remove a user's push subscription.

Parameters:

  • userId (integer, required): Unique user identifier

Response:

{
  "success": true,
  "message": "Push subscription removed"
}

GET /api/push/vapid-public-key

Retrieve the VAPID public key required for client-side push notification setup.

Parameters: None

Response:

{
  "publicKey": "BEX_public_key_base64_encoded_string"
}

POST /api/push/status

Check whether a user has an active push subscription.

Parameters:

  • userId (integer, required): Unique user identifier

Response:

{
  "userId": 12345,
  "subscribed": true,
  "endpoint": "https://...",
  "subscribedAt": "2025-01-10T08:30:00"
}

Reminders

POST /api/reminders/create

Create a new reminder with email and/or push notification settings.

Parameters:

  • userId (integer, required): Unique user identifier
  • title (string, required): Reminder title
  • description (string, optional): Detailed description of the reminder
  • remindAt (string, required): ISO 8601 datetime when reminder should trigger
  • timezone (string, optional, default: "UTC"): IANA timezone identifier
  • channel (string, optional, default: "email"): Notification channel ("email" or "push")
  • notifyEmail (string, optional): Email address for notification (required if channel is "email")

Response:

{
  "success": true,
  "reminderId": "reminder_abc123xyz",
  "scheduledFor": "2025-01-15T14:00:00"
}

POST /api/reminders/list

Retrieve all reminders for a specific user.

Parameters:

  • userId (integer, required): Unique user identifier

Response:

{
  "reminders": [
    {
      "reminderId": "string",
      "title": "string",
      "description": "string or null",
      "remindAt": "string (ISO 8601)",
      "timezone": "string",
      "channel": "string",
      "status": "string",
      "createdAt": "string (ISO 8601)"
    }
  ],
  "total": 0
}

POST /api/reminders/delete

Delete a reminder by ID.

Parameters:

  • reminderId (string, required): Unique reminder identifier
  • userId (integer, required): Unique user identifier

Response:

{
  "success": true,
  "message": "Reminder deleted successfully"
}

Health & Status

GET /

Root endpoint returning service information.

Response:

{
  "service": "Remindy",
  "version": "2.0.0",
  "status": "operational"
}

GET /health

Health check endpoint for monitoring service availability.

Response:

{
  "status": "healthy",
  "timestamp": "2025-01-10T12:00:00Z"
}

Pricing

PlanCalls/DayCalls/MonthPrice
Free550Free
Developer20500$39/mo
Professional2005,000$99/mo
Enterprise100,0001,000,000$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Comments

Loading comments...