Security Audit
Pocket Alert – Push Notifications for iOS and Android
github.com/openclaw/skills
Trust Assessment
Pocket Alert – Push Notifications for iOS and Android received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include: Potential Command Injection via CLI arguments; API Key stored in plaintext, vulnerable to exfiltration; and Unverified external binary download for CLI tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential Command Injection via CLI arguments.** The skill's core functionality relies on executing the `pocketalert` CLI tool. Several examples within the documentation, particularly in the 'CI/CD Integration Examples' section, demonstrate that arguments like `--message` can contain shell command substitutions (e.g., `$(uptime)`, `$(hostname)`). If an AI agent constructs these command arguments from untrusted user input without proper sanitization or escaping of shell metacharacters, an attacker could inject arbitrary shell commands. This could lead to remote code execution on the host system where the agent is running, allowing for data exfiltration, system modification, or further compromise. **Recommendation:** When constructing CLI commands from untrusted input, ensure all arguments are properly escaped to prevent shell metacharacter interpretation. Use a library or function designed for safe command execution (e.g., `subprocess.run` with `shell=False` and passing arguments as a list in Python, or similar safe execution methods in other languages). Avoid directly concatenating untrusted strings into shell commands. | LLM | SKILL.md:102 |
| HIGH | **API Key stored in plaintext, vulnerable to exfiltration.** The `pocketalert` CLI stores the user's API key in plaintext within `~/.pocketalert/config.json`. If the AI agent has broad file system read access, an attacker could craft a prompt to instruct the agent to read this configuration file. This would allow for the exfiltration of the sensitive API key, which could then be used to impersonate the user and send unauthorized notifications or access Pocket Alert resources. **Recommendation:** Implement strict access controls for the agent's file system interactions, limiting its ability to read arbitrary files, especially sensitive configuration files. Consider using environment variables or a secure secret management system for API keys instead of local plaintext files, or ensure the agent's execution environment is sandboxed to prevent file system access outside its designated working directory. | LLM | SKILL.md:90 |
| MEDIUM | **Unverified external binary download for CLI tool.** The skill's prerequisites instruct users to download the `pocketalert` CLI binary from `https://info.pocketalert.app/cli.html` and place it in `/usr/local/bin/`. This installation process lacks integrity verification mechanisms (e.g., cryptographic hashes, digital signatures). If an AI agent were to automate this installation, or if a human user follows these instructions, a compromised download source could lead to the installation and execution of malicious software, posing a significant supply chain risk to the host system. **Recommendation:** Provide cryptographic hashes (e.g., SHA256) or digital signatures for the CLI binary to allow users and automated systems to verify its integrity before execution. Recommend installing via trusted package managers where possible. For automated agents, ensure any external downloads are thoroughly vetted and integrity-checked. | LLM | SKILL.md:15 |