Oban Designer

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the recommended dependency changes the application supply chain.

Why it was flagged

The skill tells users to add the external Oban package. This is central to the stated purpose, but it still introduces a dependency that should be reviewed and locked by the user's project.

Skill content

{:oban, "~> 2.18"}

Recommendation

Review the resolved package version and lockfile, use trusted package sources, and test the Oban migration in development or staging first.

What this means

A generated or copied cleanup worker could delete application records automatically if deployed.

Why it was flagged

The cleanup worker example performs database deletion. This is purpose-aligned for a background cleanup pattern and scoped to old records, but copied code would mutate production data.

Skill content

from(t in MyApp.Accounts.UserToken, where: t.inserted_at < ^cutoff) |> Repo.delete_all()

Recommendation

Review deletion criteria, retention periods, backups, and dry-run behavior before scheduling cleanup jobs in production.

What this means

If used without validation, webhook jobs could send data to unintended or untrusted endpoints.

Why it was flagged

The webhook worker example sends a job-provided payload to a job-provided URL. Webhook delivery is an expected background job use case, but destination and payload handling need validation in real applications.

Skill content

case Req.post(url, json: payload, headers: headers, receive_timeout: 25_000) do

Recommendation

Validate or allowlist webhook destinations, minimize payload contents, and avoid placing sensitive secrets directly in job arguments unless protected appropriately.

Note
High Confidence
ASI10: Rogue Agents

What this means

Scheduled workers can repeatedly perform actions such as cleanup, metrics collection, or notifications.

Why it was flagged

The skill documents recurring background jobs. This persistence is expected for Oban cron scheduling, but recurring jobs continue running after deployment until disabled.

Skill content

{Oban.Plugins.Cron, crontab: [{"0 2 * * *", MyApp.Workers.DailyCleanup}, {"*/5 * * * *", MyApp.Workers.MetricsCollector}]}

Recommendation

Confirm cron schedules, job idempotency, and disable/rollback procedures before enabling recurring jobs in production.