Casual Cron

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed reminder scheduler, with practical cautions around its fixed New York timezone default and message-delivery behavior.

Install only if you want the agent to create OpenClaw cron jobs that can send messages through external channels. Before finalizing any job, confirm the timezone, recipient, message text, recurrence, and whether the job will delete itself after one run; users outside America/New_York should be especially careful.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Natural-Language Policy Violations

Medium
Confidence: 83%
Finding
Hard-coding `America/New_York` for one-shot clock-time conversion can cause jobs to execute at the wrong local time for users in other regions, leading to misdelivery or unintended actions. In a scheduling skill, time interpretation is security-relevant because it directly controls when messages or automated tasks are sent.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
For recurring jobs, fixing `--tz "America/New_York"` without opt-in can silently shift all future executions relative to the user's actual region, creating persistent misfires. Because this skill can deliver messages to external channels like Telegram, Slack, or Signal, incorrect recurrence timing can cause repeated unwanted notifications or operational disruption.

Vague Triggers

Medium
Confidence: 89%
Finding
The skill advertises very broad natural-language triggers such as any request to schedule reminders or messages, which can overlap with ordinary conversation and cause unintended activation. In an agentic environment, that can lead to accidental cron creation, message delivery to external channels, or misuse of scheduling capabilities without sufficiently explicit user intent.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The skill hardcodes `America/New_York` as the timezone for clock-based scheduling without clear user opt-in, which can cause jobs to run at unintended times for users in other locales. Because this skill can send messages on external channels, a timezone mismatch can create privacy, reliability, or operational issues by delivering reminders at the wrong hour or date.

Missing User Warnings

Medium
Confidence: 86%
Finding
The script unconditionally appends `--deliver` and sometimes `--delete-after-run`, causing the generated command to actively send messages and potentially erase evidence of the scheduled job after execution. In a scheduling skill, hidden side-effect flags are more dangerous because users may believe they are only previewing or constructing a cron command, while the generated command is ready to perform real delivery and one-shot self-removal.

VirusTotal

64/64 vendors flagged this skill as clean.
