Diagnose Scheduled Job Trigger Vs Execution Failure

Security checks across malware telemetry and agentic risk

Overview

This skill is a purpose-aligned OpenClaw scheduling and notification guide, with disclosed local cron edits and test notifications.

Install only if you want an agent to manage OpenClaw reminders or follow-up delivery. Before approving changes, confirm the cron schedule, destination chat, message payload, and whether a manual verification run may send a real test notification.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs operators to manually trigger scheduled jobs, inspect delivery state, and verify output files, but it never warns that these steps can cause real executions, write artifacts, or send external messages. In an operational agent setting, this can lead to unintended side effects during diagnosis or regression testing, especially when tasks include publishing, notifications, or file generation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal