ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evomasterscheduler

v1.0.0

Automates daily health checks, fixes, memory cleanup, backups, improvements, upgrades, and security audits for the OpenClaw environment.

0· 59·1 current·1 all-time
by@blueworldmarketing

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for blueworldmarketing/evomasterscheduler.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Evomasterscheduler" (blueworldmarketing/evomasterscheduler) from ClawHub.
Skill page: https://clawhub.ai/blueworldmarketing/evomasterscheduler
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install evomasterscheduler

ClawHub CLI

Package manager switcher

npx clawhub@latest install evomasterscheduler
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (daily health, backups, fixes, upgrades, security) aligns with the included scripts. Using the openclaw CLI to create crons, run gateway commands, and perform audits is consistent with an OpenClaw maintenance tool. However, the scripts also touch resources outside the described narrow scope (e.g., ~/Obsidian/OpenClaw/scripts/checkpoint-vault.sh and a separate skill's .learnings file), which is broader than a simple scheduler and not justified in the SKILL.md.
!
Instruction Scope
Scripts read and copy sensitive files (~/.openclaw/.env, ~/.openclaw/openclaw.json), create git commits of workspace content, call external scripts that are not included (redis-memory-bridge.py, slack-notify.sh, checkpoint-vault.sh), and write into another skill's directory (~/.openclaw/workspace/skills/xiucheng-self-improving-agent/.learnings). They also invoke external tools (ollama, python3, git) and restart services (openclaw gateway start). The SKILL.md does not document these dependencies or the sensitive reads/writes.
Install Mechanism
This is an instruction-only skill (no remote downloads or installers). All files are present in the skill bundle; there is no external install URL or archive extract. That reduces supply-chain risk relative to a remote download installer.
!
Credentials
The skill declares no required environment variables or credentials, yet its scripts access potentially sensitive configuration and credential files (~/.openclaw/.env, agents config) and copy them into backups and git. It also uses Slack notification helpers and openclaw/ollama/redis utilities that likely depend on credentials or tokens. Not declaring or justifying access to secrets and not listing required tools is a proportionality mismatch.
Persistence & Privilege
The consolidate-crontab.sh will add persistent scheduled jobs to the OpenClaw cron system (openclaw cron add) and the scripts perform recurring tasks (including a 5-minute Redis checkpoint). The skill does not set always:true, but it does create persistent crons and can restart the gateway, so installing/running it gives it ongoing system influence. This persistence is expected for a scheduler but increases blast radius because the scripts operate on sensitive files and other skill directories.
What to consider before installing
Before installing or running this skill: - Inspect the missing helper scripts it calls (bash "$HOME/.openclaw/scripts/slack-notify.sh", redis-memory-bridge.py, and checkpoint-vault.sh). Understand what credentials or tokens those helpers use. - Be aware it copies ~/.openclaw/.env and openclaw.json into backups and runs git commits of workspace content — that can expose secrets. If you keep secrets in .env, remove or redact them before allowing automatic backups or modify the script not to copy .env. - Note the skill writes into another skill's directory (~/.openclaw/workspace/skills/xiucheng-self-improving-agent/.learnings). Confirm you want cross-skill writes and the receiving skill's behavior. - Confirm you have the required binaries (openclaw, git, python3, ollama) on the host and that automatic restart (openclaw gateway start) is acceptable. - Run the consolidation script in a controlled environment (staging) and review the crons it will create (openclaw cron list). Consider running the crons manually first rather than enabling scheduled runs. - If you proceed, restrict permissions on backups and logs, or modify scripts to avoid storing secrets in plaintext or committing backups to git. Given the number of undeclared dependencies and sensitive file operations, treat this skill as suspicious until you verify and sanitize the external helper scripts and the backup behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk979g3b3cvv19mhbt69x6yg74184zn24
59downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@blueworldmarketing
latest
Download

EvoMasterScheduler Skill

The EvoMasterScheduler is a self-evolving system of daily maintenance tasks designed to ensure the health, security, and continuous improvement of the OpenClaw environment.

Daily Schedule

TimeScriptPurpose
03:00cron-diagnose.shSystem health check and error detection
03:00cron-fix.shAutomated remediation of detected issues
03:00cron-memory.shMemory optimization and debris cleanup
03:05cron-backup.shCritical configuration and state backup
03:10cron-improve.shAnalysis of logs to suggest/apply improvements
03:15cron-upgrade.shCheck for and apply stable component updates
03:20cron-security.shSecurity audit and permission validation

Logging

All scripts log to ~/.openclaw/logs/evomaster-$(date +%Y-%m-%d).log.

Installation

Run consolidate-crontab.sh to synchronize these tasks with the system crontab.

Comments

Loading comments...