Skillv1.0.1

ClawScan security

Schedule Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 15, 2026, 2:59 AM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions are consistent with a local schedule/reminder manager — it modifies the user's crontab and workspace files but does not request secrets or remote endpoints; review and test locally before use.
Guidance: This skill appears to do what it says (local scheduling and reminders). Before installing: 1) Inspect or provide the referenced run-task.sh (~/.openclaw/workspace/scripts/run-task.sh) because crontab entries call it — its contents determine what runs. 2) Back up your current crontab (crontab -l > before-crontab.txt) so you can restore it if needed. 3) Install/verify the expected TTS tool (edge-tts) if you need TTS reminders; the package.json does not auto-install it. 4) Edit the hard-coded PATH (/home/wang/...) in the script/update_crontab to match your environment. 5) Test in a non-critical account or container to confirm behavior. If you cannot inspect run-task.sh or do not want crontab changes, do not install.

Review Dimensions

Purpose & Capability: noteName/description match the included Python script and SKILL.md: the tool reads/writes a local task file, manages temporary tasks, and updates crontab to run a local run-task.sh. Minor inconsistencies: package.json lists an edge-tts dependency and SKILL.md metadata lists required bins (edge-tts), but there is no install spec to ensure those binaries are present. Those are plausible for a TTS-based reminder skill but are not automatically provisioned.
Instruction Scope: noteRuntime instructions and the script operate within ~/.openclaw/workspace and the user's crontab — which is coherent for a scheduler. The script invokes crontab and delegates actual task execution to RUN_TASK_SCRIPT (~/.openclaw/workspace/scripts/run-task.sh), but that helper script is not included in the package: you must supply or inspect it. The code does not attempt to read unrelated system credentials or exfiltrate data.
Install Mechanism: noteNo install spec is provided (instruction-only / source files), which is lower-risk for hidden downloads. However package.json declares a dependency (edge-tts) but the skill offers no automatic installation steps; the SKILL.md expects an edge-tts binary. This is an inconsistency (dependency present but not installed) you should handle manually.
Credentials: okThe skill requests no environment variables or credentials. It writes files under the user's home workspace and updates the user's crontab — both proportionate to a scheduler. One minor oddity: the crontab PATH contains a hard-coded path (/home/wang/.npm-global/bin) which appears developer-specific and should be reviewed/adjusted before use.
Persistence & Privilege: noteThe skill modifies the user's crontab (persistent scheduled jobs), which is expected for this functionality but is a privileged action: it will create recurring system-level invocations for the account that installs it. always:false (not force-included) and it does not request other skills' credentials.