← Back to Skills Marketplace
2125
Downloads
2
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install pocketalert
Description
The Pocket Alert (pocketalert.app) skill for OpenClaw enables OpenClaw agents and workflows to send push notifications to iOS and Android devices. It is used to deliver alerts and updates from automated tasks, workflows, and background processes.
Usage Guidance
This instruction-only skill appears to be a straightforward wrapper around the Pocket Alert CLI, but proceed cautiously. Before installing or using it: 1) Verify the CLI download URL (info.pocketalert.app) and prefer official releases or checksums; 2) Confirm the Pocket Alert service is legitimate (look for a homepage, privacy/security policy, and upstream source code or documentation) — the registry metadata here lacks a homepage; 3) Avoid pasting your primary API key into tools you don't fully trust; consider creating a scoped API key for automation; 4) Be aware the skill's examples run host commands (uptime, systemctl) and reference ~/.pocketalert/config.json — these can expose secrets or system state if an agent executes them; restrict agent permissions or run on a low-privilege host; 5) If you need higher assurance, ask the publisher for source code or a homepage and prefer an install path via a known release host (GitHub releases, vendor site) rather than an unknown package. If you cannot verify the CLI or publisher, treat this skill as higher risk and avoid giving it real credentials or allowing autonomous execution on sensitive systems.
Capability Analysis
Type: OpenClaw Skill
Name: pocketalert
Version: 1.0.2
The skill is classified as suspicious due to several risky capabilities, even though they are presented for legitimate purposes. The `SKILL.md` file instructs the agent to download and execute an external binary from `https://info.pocketalert.app/cli.html`, which is a supply chain risk. Furthermore, it demonstrates the execution of local commands like `uptime`, `hostname`, and `systemctl` to generate message content, indicating the agent's capability to run arbitrary shell commands. Finally, the ability to set a custom `base_url` for the API client could allow redirection of all API traffic to an arbitrary endpoint, posing a potential data exfiltration or redirection risk.
Capability Assessment
Purpose & Capability
Name, description, and SKILL.md consistently describe a CLI-based integration with Pocket Alert and all shown commands (send, apps, devices, webhooks, apikeys, config) match that stated purpose. However the registry metadata lacks a homepage/source even though the SKILL.md points to an external download URL (info.pocketalert.app); that missing metadata reduces transparency.
Instruction Scope
SKILL.md is instruction-only and limits actions to running the pocketalert CLI. Examples also show using system commands (uptime, systemctl) and cron, and it documents the config location (~/.pocketalert/config.json). Those are reasonable for a monitoring/alerting tool, but they also mean an agent following these instructions could run host-level commands and read/write the CLI config (which may contain API keys). The instructions do not explicitly direct exfiltration, but they give the agent the ability to access sensitive local information.
Install Mechanism
There is no automated install spec (instruction-only), so nothing is written to disk by the skill itself. The SKILL.md tells users to download the CLI from an external URL; because installation is manual, this reduces automatic risk but requires the user to verify the download source and integrity.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. The CLI stores credentials in ~/.pocketalert/config.json and exposes commands like 'apikeys list' and 'config' that reveal/manage API keys; an agent executing those commands could expose secrets. The skill does not request unrelated credentials, but users should be aware that interacting with the CLI involves local credential files.
Persistence & Privilege
The skill is not marked always:true and uses default autonomous invocation settings. That is normal. Nevertheless, because it instructs use of a CLI that can run system commands and access local config, enabling autonomous invocation increases the blast radius if the agent is allowed to run shell commands on sensitive hosts.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pocketalert - After installation, invoke the skill by name or use
/pocketalert - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Removed API keys management section
v1.0.1
Updated name and description
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Pocketalert?
The Pocket Alert (pocketalert.app) skill for OpenClaw enables OpenClaw agents and workflows to send push notifications to iOS and Android devices. It is used to deliver alerts and updates from automated tasks, workflows, and background processes. It is an AI Agent Skill for Claude Code / OpenClaw, with 2125 downloads so far.
How do I install Pocketalert?
Run "/install pocketalert" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pocketalert free?
Yes, Pocketalert is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Pocketalert support?
Pocketalert is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pocketalert?
It is built and maintained by Akellacom (@akellacom); the current version is v1.0.2.
More Skills