akellacom

Pocketalert

Author: Akellacom · GitHub · v1.0.2
cross-platform ⚠ suspicious
Total downloads: 2125
Favorites: 2
Current installs: 0
Versions: 3
Install in OpenClaw
/install pocketalert
Description
The Pocket Alert (pocketalert.app) skill for OpenClaw enables OpenClaw agents and workflows to send push notifications to iOS and Android devices. It is used to deliver alerts and updates from automated tasks, workflows, and background processes.
Security usage recommendations
This instruction-only skill appears to be a straightforward wrapper around the Pocket Alert CLI, but proceed cautiously. Before installing or using it:
1) Verify the CLI download URL (info.pocketalert.app) and prefer official releases or checksums;
2) Confirm the Pocket Alert service is legitimate (look for a homepage, privacy/security policy, and upstream source code or documentation) — the registry metadata here lacks a homepage;
3) Avoid pasting your primary API key into tools you don't fully trust; consider creating a scoped API key for automation;
4) Be aware the skill's examples run host commands (uptime, systemctl) and reference ~/.pocketalert/config.json — these can expose secrets or system state if an agent executes them; restrict agent permissions or run on a low-privilege host;
5) If you need higher assurance, ask the publisher for source code or a homepage and prefer an install path via a known release host (GitHub releases, vendor site) rather than an unknown package.
If you cannot verify the CLI or publisher, treat this skill as higher risk and avoid giving it real credentials or allowing autonomous execution on sensitive systems.
Functional analysis
Type: OpenClaw Skill
Name: pocketalert
Version: 1.0.2
The skill is classified as suspicious due to several risky capabilities, even though they are presented for legitimate purposes. The `SKILL.md` file instructs the agent to download and execute an external binary from `https://info.pocketalert.app/cli.html`, which is a supply chain risk. Furthermore, it demonstrates the execution of local commands like `uptime`, `hostname`, and `systemctl` to generate message content, indicating the agent's capability to run arbitrary shell commands. Finally, the ability to set a custom `base_url` for the API client could allow redirection of all API traffic to an arbitrary endpoint, posing a potential data exfiltration or redirection risk.
Capability assessment
Purpose & Capability
Name, description, and SKILL.md consistently describe a CLI-based integration with Pocket Alert and all shown commands (send, apps, devices, webhooks, apikeys, config) match that stated purpose. However the registry metadata lacks a homepage/source even though the SKILL.md points to an external download URL (info.pocketalert.app); that missing metadata reduces transparency.
Instruction Scope
SKILL.md is instruction-only and limits actions to running the pocketalert CLI. Examples also show using system commands (uptime, systemctl) and cron, and it documents the config location (~/.pocketalert/config.json). Those are reasonable for a monitoring/alerting tool, but they also mean an agent following these instructions could run host-level commands and read/write the CLI config (which may contain API keys). The instructions do not explicitly direct exfiltration, but they give the agent the ability to access sensitive local information.
Install Mechanism
There is no automated install spec (instruction-only), so nothing is written to disk by the skill itself. The SKILL.md tells users to download the CLI from an external URL; because installation is manual, this reduces automatic risk but requires the user to verify the download source and integrity.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. The CLI stores credentials in ~/.pocketalert/config.json and exposes commands like 'apikeys list' and 'config' that reveal/manage API keys; an agent executing those commands could expose secrets. The skill does not request unrelated credentials, but users should be aware that interacting with the CLI involves local credential files.
Persistence & Privilege
The skill is not marked always:true and uses default autonomous invocation settings. That is normal. Nevertheless, because it instructs use of a CLI that can run system commands and access local config, enabling autonomous invocation increases the blast radius if the agent is allowed to run shell commands on sensitive hosts.
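How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install pocketalert
  3. Once installation completes, invoke the Skill by name or trigger it with /pocketalert
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history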
v1.0.2
Removed API keys management section
v1.0.1
Updated name and description
v1.0.0
Initial release
Metadata
Slug pocketalert
Version 1.0.2
License
Total installs 0
Current installs 0
Number of historical versions 3
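FAQ

What is Pocketalert?

The Pocket Alert (pocketalert.app) skill for OpenClaw enables OpenClaw agents and workflows to send push notifications to iOS and Android devices. It is used to deliver alerts and updates from automated tasks, workflows, and background processes. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2125 total downloads to date.

How do I install Pocketalert?

Run the command "/install pocketalert" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Pocketalert free?

Yes, Pocketalert is completely free (open source and free) and can be freely downloaded, installed, and used.

Which platforms does Pocketalert support?

Pocketalert runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Pocketalert?

Developed and maintained by Akellacom (@akellacom); the current version is v1.0.2.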
