This seems ripe for remote exploit vulnerability: a push message with scope to execute OS level privileges, a good idea is it?
Better to have a low privilege background deamon on client monitoring an mqtt push notify channel and responding to various types of message according to predetermined ruleset.