Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Opencron Skill Repo
v1.0.1
Visual cron job dashboard for OpenClaw — live countdown timers, run history, calendar view
by Floris Jan-Werner van der Harst (@firstfloris)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The stated purpose (visual OpenClaw cron dashboard) matches the included code that reads ~/.openclaw/cron/jobs.json, writes canvas files, and serves or generates HTML. However the package metadata claims no required config paths or env vars while the SKILL.md and code clearly rely on HOME/.openclaw paths and an OPENCLAW_GATEWAY_TOKEN (used in examples/URLs). The installer (bin/install.js) invokes git but git is not declared in required binaries. These omissions are incoherent with the skill's operational needs.
Instruction Scope
Runtime instructions tell the agent to always append a public dashboard URL including ${OPENCLAW_GATEWAY_TOKEN} after every cron job run and to resolve HOST_IP via curl to ifconfig.me. That directs the agent to call an external service and to expose a gateway token in a publicly reachable URL — actions that go beyond simply 'showing a dashboard' and increase risk of token leakage and data exposure.
Install Mechanism
There is no formal install spec in the registry entry, but a bundled bin/install.js clones a GitHub repo and runs update_canvas.py. Cloning from GitHub is common, but the installer executes git and Python scripts (execFileSync) — the manifest did not declare git as required. The dashboard HTML is fetched from a raw GitHub URL (acceptable), but cloning/executing external repo contents should be treated as running third-party code.
Credentials
The registry lists no required environment variables, yet SKILL.md and examples rely on CANVAS_PORT and OPENCLAW_GATEWAY_TOKEN and instruct resolving them for public URLs. The skill also reads user-local files (~/.openclaw/cron/jobs.json and potentially run logs). Requesting no declared credentials while instructing the agent to use and embed a gateway token is a mismatch and can lead to unintentional disclosure of sensitive tokens.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. However, the instructions explicitly require that every cron job's output include a final line with a public URL containing the gateway token; if the agent invokes this skill autonomously, that behavior becomes automatic and spreads the token with every run. Autonomous invocation combined with the token-exposure instruction raises the operational risk even though no elevated platform privilege is requested.
What to consider before installing
This skill appears to implement the dashboard it describes, but there are clear inconsistencies and a real risk of leaking your gateway token. Things to consider before installing:
- The SKILL.md and scripts use OPENCLAW_GATEWAY_TOKEN and CANVAS_PORT but the registry metadata does not declare these env vars — confirm where that token comes from and whether you are comfortable it will be placed into URLs.
- The instructions explicitly tell the agent to build a public URL containing the gateway token and to fetch the public IP via an external service (ifconfig.me). Embedding a token in a query string makes it visible to anyone who can see logs, browser history, reverse proxies, or referer headers — avoid this unless the token is disposable or you control access carefully.
- The included installer runs git (not declared) and executes Python scripts that read files under ~/.openclaw. Only install from a source you trust; review the repo contents locally before running the installer.
- If you want this functionality but not the token-exposure behavior: modify update_canvas.py / SKILL.md to avoid putting the gateway token in client-side URLs. Instead, require server-side token validation (proxy the token check in nginx) or use short-lived access links.
If you do proceed, run the install in an isolated environment, inspect and possibly harden the nginx reverse-proxy configuration (don’t accept tokens in query strings, enforce POST-only where appropriate, restrict what /runs/ exposes), and declare any environment variables/config paths in the skill metadata so the behavior matches what is advertised.

bin/install.js:23
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Runtime requirements
⚡ Clawdis
Bins: python3
