Schedule Manager

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a task/reminder scheduler, but it can modify the user's crontab and send reminder content to Feishu with incomplete safety disclosure.

Review before installing. Only use it if you are comfortable letting the skill create and change cron jobs on your machine, and avoid putting sensitive information in reminders that may be sent through Feishu. Prefer installing after the publisher adds validation, explicit confirmations, a managed cron block, and clear cleanup/privacy warnings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    # Use the crontab command
    try:
        proc = subprocess.Popen(['crontab', '-'], stdin=subprocess.PIPE, 
                               stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        stdout, stderr = proc.communicate(crontab_content.encode())
        if proc.returncode == 0:
Confidence
88% confidence
Finding
proc = subprocess.Popen(['crontab', '-'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This skill goes beyond data management and modifies the user's system crontab, creating persistence. In context, that is especially sensitive because task data is user-controlled and turned into scheduled execution entries, so misuse can create lasting unauthorized jobs or break existing cron configuration.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation advertises delete and cleanup operations but does not clearly warn that these actions remove scheduled reminders or purge expired temporary task records. This increases the risk of unintended destructive actions and data loss, especially because task names and temp IDs are user-facing management handles.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill supports Feishu notifications, which may send reminder text and schedule content to an external service, but the documentation does not warn users about that privacy boundary. Reminder messages can contain sensitive personal or work information, so silent external transmission can lead to unintended disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.
