Skill v0.1.0

ClawScan security

AOI Cron Ops (Lite) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 16, 2026, 2:12 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it analyzes a user-provided OpenClaw cron JSON and emits a report-only audit; it does not request credentials, install external code, or exfiltrate data.
Guidance
This skill appears safe and coherent, but before using: review the included script yourself (it’s short and readable); run it locally on a sample cron_jobs.json (no network required); inspect cron_jobs.json for any sensitive data before sharing; do not permit any automated "apply" operations unless you explicitly review and approve the proposed patches (the Lite version is report-only, but Pro may add auto-apply features); be aware the tool uses simple heuristics that can generate false positives—validate recommendations manually before changing production schedules.

Review Dimensions

Purpose & Capability
ok: Name/description match the included Python analyzer. The tool only needs a cron-list JSON input and the script operates solely on that data; no unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note: SKILL.md instructs the operator to supply the cron JSON (via OpenClaw or CLI) and to run the included script; the script only reads the given file and prints a report. Note: the heuristics (frequency, duplicate detection via normalized name) are coarse and may produce false positives; the README explicitly requires user approval before applying any changes.
Install Mechanism
ok: No install spec, no downloads. This is an instruction-only skill with a small included script; nothing is written to disk beyond the operator running the script locally.
Credentials
ok: No environment variables, secrets, or primary credentials are requested. The script does not reference external services or hidden config.
Persistence & Privilege
ok: "always" is false and the skill does not request persistent presence or modify other skills or system-wide settings. "disable-model-invocation" is default false (normal) but there are no extra privileges in the package.