Scheduled Tasks | 定时任务

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward scheduled-task helper, but users should be careful because its examples can create recurring messages to Feishu recipients.

Install this only if you want help creating scheduled reminders or automated workflows. Before using Feishu examples, verify the schedule, account, recipient ID, and message content, test with a safe target, and periodically remove or disable jobs you no longer need.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill provides concrete examples for scheduled Feishu delivery to users, but it does not explicitly warn that these jobs can send automated outbound messages without real-time user review. In a scheduling skill, that omission matters because users may deploy persistent notification workflows that affect privacy, consent, or create unintended spam/misdelivery.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The crontab section shows unattended scripts that invoke `openclaw agent --deliver` to message external users, but it lacks a clear warning that these scripts will run autonomously and continue sending messages until removed. That creates risk of accidental persistent outbound messaging, privacy issues, and operational misuse if the script or target is misconfigured.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal