← 返回 Skills 市场
63
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install web-push
功能描述
Send Web Push notifications from a Node.js backend using the web-push npm library (VAPID authentication, payload encryption). Covers generating VAPID keys, s...
使用说明 (SKILL.md)
Web Push Notifications
Send push notifications to browsers (Chrome, Firefox, Edge, Safari) using the web-push npm library, which implements the Web Push Protocol with VAPID authentication and payload encryption per Message Encryption for Web Push.
Use Cases
Use when working with Push API subscriptions, browser push notifications, VAPID key management, Web Push Protocol implementation, or web-push npm package integration.
Quick Start
const webpush = require('web-push');
// 1. Generate VAPID keys ONCE, store permanently
const vapidKeys = webpush.generateVAPIDKeys();
// 2. Set credentials
webpush.setGCMAPIKey('\x3CYour GCM API Key Here>');
webpush.setVapidDetails(
'mailto:[email protected]',
vapidKeys.publicKey,
vapidKeys.privateKey
);
// 3. Subscribe in the browser (client-side)
// registration.pushManager.subscribe({
// userVisibleOnly: true,
// applicationServerKey: vapidPublicKey
// });
// 4. Send from server
const pushSubscription = {
endpoint: 'https://fcm.googleapis.com/fcm/send/...',
keys: { p256dh: '...', auth: '...' }
};
await webpush.sendNotification(pushSubscription, 'Hello World');
Core Workflows
Generate VAPID Keys
Generate once, store permanently. The public key is used as applicationServerKey in the browser. Never regenerate for the same application — you'll break existing subscriptions.
const vapidKeys = webpush.generateVAPIDKeys();
// { publicKey: '...', privateKey: '...' }
Set Credentials
webpush.setVapidDetails(
'mailto:[email protected]', // mailto: or https: URI
process.env.VAPID_PUBLIC_KEY,
process.env.VAPID_PRIVATE_KEY
);
Subscribe in the Browser
// Client-side Service Worker
registration.pushManager.subscribe({
userVisibleOnly: true,
applicationServerKey: urlBase64ToUint8Array(publicKey)
});
// Returns PushSubscription → send to server and store
Send a Notification
await webpush.sendNotification(pushSubscription, 'Hello World', {
// vapidDetails overrides global setVapidDetails
TTL: 60, // seconds push service retains (default: 4 weeks)
urgency: 'high', // very-low | low | normal | high
topic: 'updates', // coalesce notifications, max 32 URL-safe base64 chars
contentEncoding: 'aes128gcm', // default; 'aesgcm' for legacy
timeout: 5000, // socket timeout in ms
});
Encrypt Without Sending
const encrypted = await webpush.encrypt(
subscription.keys.p256dh,
subscription.keys.auth,
'My Payload',
'aes128gcm'
);
// { localPublicKey, salt, cipherText }
Generate Request Details Without Sending
const details = webpush.generateRequestDetails(
pushSubscription,
payload,
{ vapidDetails: {...}, contentEncoding: 'aes128gcm' }
);
// { endpoint, method: 'POST', headers, body: Buffer }
CLI Usage
# Install
npm install web-push -g
# Generate VAPID keys
web-push generate-vapid-keys --json
# Send notification
web-push send-notification \
--endpoint=https://fcm.googleapis.com/fcm/send/... \
--key=\x3Cp256dh> --auth=\x3Cauth_secret> \
--vapid-subject=mailto:[email protected] \
--vapid-pubkey=\x3Cpub> --vapid-pvtkey=\x3Cpriv> \
--payload="Hello" [--ttl=\x3Cseconds>] [--encoding=aesgcm|aes128gcm]
Critical Pitfalls
- VAPID keys: Generate ONCE. Store them. Never regenerate for the same app — breaks existing subscriptions.
- Safari + localhost: Safari rejects VAPID with
BadJwtTokenif subject ishttps://localhost. Usemailto:instead. - Payload encryption: The PushSubscription MUST include
keys.p256dhandkeys.auth. Without them, only empty payloads work. - Encoding:
aes128gcm(default) for modern browsers;aesgcmonly for legacy Chrome \x3C 50 and Opera.
Browser Compatibility
| Browser | Push w/o Payload | Push w/ Payload | VAPID |
|---|---|---|---|
| Chrome | v42+ | v50+ | v52+ |
| Edge | v17+ | v17+ | v17+ |
| Firefox | v44+ | v44+ | v46+ |
| Safari | v16+ (macOS 13) | v16+ | v16+ |
| Opera | v39+ (Android) | v39+ (Android) | ✗ |
| Samsung | v4+ | v5+ | ✗ |
Full API Reference
See references/webpush.md for all functions (sendNotification, generateVAPIDKeys, setGCMAPIKey, setVapidDetails, encrypt, getVapidHeaders, generateRequestDetails) with detailed parameter tables and return types.
安全使用建议
This appears safe as an instruction-only Web Push reference. Before using it, protect VAPID private keys, GCM/API keys, and subscription auth secrets; install the npm package from a trusted source with pinned versions for production; and send notifications only to users who have explicitly subscribed.
功能分析
Type: OpenClaw Skill
Name: web-push
Version: 1.0.0
The skill bundle provides documentation and code examples for using the legitimate 'web-push' npm library to send browser notifications. It follows security best practices by recommending the use of environment variables for VAPID keys and contains no evidence of malicious intent, data exfiltration, or prompt injection.
能力标签
能力评估
Purpose & Capability
The skill's capabilities match its stated purpose: generating VAPID keys, handling subscriptions, and sending browser push notifications. Users should recognize that it can be used to contact subscribed browsers.
Instruction Scope
The instructions are reference-style and user-directed, but examples include sending notifications and passing subscription/authentication secrets in commands.
Install Mechanism
There is no automatic install spec or bundled code. The docs suggest npm installing the expected web-push package, including a global install example, which users should treat as normal but still verify.
Credentials
No broad filesystem access, background process, shell automation, or unrelated network destination is shown beyond normal Web Push provider endpoints.
Persistence & Privilege
The skill tells users to generate VAPID keys once and store them permanently, which is expected for Web Push but requires careful secret handling.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install web-push - 安装完成后,直接呼叫该 Skill 的名称或使用
/web-push触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the web-push skill for Node.js.
- Provides concise instructions for generating VAPID keys, setting credentials, browser subscription flow, and sending notifications using the web-push npm library.
- Includes CLI examples, coverage of core workflows, description of common pitfalls, and browser compatibility tables.
- References full API documentation for all available functions.
元数据
常见问题
Web Push Notifications 是什么?
Send Web Push notifications from a Node.js backend using the web-push npm library (VAPID authentication, payload encryption). Covers generating VAPID keys, s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 63 次。
如何安装 Web Push Notifications?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install web-push」即可一键安装,无需额外配置。
Web Push Notifications 是免费的吗?
是的,Web Push Notifications 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Web Push Notifications 支持哪些平台?
Web Push Notifications 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Web Push Notifications?
由 OpenLark(@openlark)开发并维护,当前版本 v1.0.0。
推荐 Skills