Scheduler
Security checks across malware telemetry and agentic risk
Overview
This appears to be a local scheduler/task-tracking utility that stores user-entered data on the device, with no artifact evidence of exfiltration, credential use, or destructive behavior.
This skill looks safe for ordinary local scheduling and task notes. Before installing, confirm how the included shell script is wired to the `scheduler` command, and do not store secrets or highly sensitive information in scheduler entries because they are saved in local log files.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Tasks, reminders, and notes entered into the scheduler remain on the local machine and may be shown back to the agent or exported later.
The tool persists arbitrary user-entered scheduler text in local log files and records history for later display/export.
DATA_DIR="${HOME}/.local/share/scheduler" ... echo "$ts|$input" >> "$DATA_DIR/add.log" ... _log "add" "$input"Use it for ordinary scheduling data, but avoid entering passwords, tokens, private keys, or instructions that should not be reused later.
A user may need to understand how the included script becomes the `scheduler` command before relying on it.
The registry describes no install mechanism while also including a runnable shell script and documenting a `scheduler` command, which makes the exact installation/execution path less clear.
No install spec — this is an instruction-only skill. Code file presence: scripts/script.sh
Install only from the stated source, review how the `scheduler` command is created, and avoid granting extra permissions beyond normal local user access.