Back to skill
Skillv1.0.1
VirusTotal security
Schedule Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:22 AM
- Hash
- b7c47c143d102e3664fcd50f83841707ec389ee86111c506486129f2db465a6c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: schedule-manager Version: 1.0.1 The skill manages system schedules by modifying the user's crontab and executing local scripts via subprocess, which are high-risk capabilities. A command injection vulnerability exists in the `update_crontab` function within `scripts/schedule.py`, as it fails to sanitize the `task['name']` before embedding it into the crontab string. While these functions are aligned with the stated purpose of a schedule manager and no clear evidence of intentional malice (like data exfiltration) was found, the insecure handling of system-level configurations poses a significant security risk.
- External report
- View on VirusTotal