Casual Cron
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: casual-cron Version: 1.2.0 The OpenClaw AgentSkills skill bundle 'casual-cron' is classified as benign. The `cron_builder.py` script, which is central to the skill, robustly prevents shell injection by utilizing `shlex.quote()` for all user-controlled arguments passed to the `openclaw cron add` command (e.g., `--name`, `--message`, `--channel`, `--to`). This critical security measure is explicitly verified by comprehensive unit tests in `test_cron_builder.py`. Furthermore, the `SKILL.md` includes 'Cron Run Guard (Hard Rules)' which are defensive prompt-injection instructions for the AI agent, limiting its actions when running inside a cron job. The `_parse_message` function in `cron_builder.py` also sanitizes or replaces user-provided messages with predefined content for specific keywords, further reducing the risk of malicious content being scheduled. The skill's functionality is aligned with its stated purpose of creating scheduled reminders within the OpenClaw framework, using the `--session isolated` flag for enhanced security.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken parse or destination could create a scheduled message to the wrong chat or channel.
The skill uses the OpenClaw CLI to create scheduled delivery jobs. This is central to the stated purpose and includes confirmation guidance, but users should verify the generated command, recipient, and channel before execution.
Builds `openclaw cron add` command with correct flags ... Always include `--deliver --channel <channel> --to <destination>`.
Before approving a job, confirm the schedule, message text, channel, and recipient—not just the time and job name.
Recurring reminders may keep sending messages until the user cancels or deletes the cron job.
The skill intentionally creates recurring jobs that will continue sending messages. This is expected for a cron scheduler, but it is persistent behavior.
### /every (repeating) ... Always include `--deliver --channel <channel> --to <destination>`.
Use conservative repeat intervals, review active cron jobs periodically, and delete jobs that are no longer needed.
It may be unclear which copy of the skill or helper script is the active one.
The nested skill metadata reports version 1.1.0 while the registry/top-level metadata reports 1.2.0, and the manifest includes duplicate root and nested copies of SKILL.md and cron_builder.py. This is a packaging/provenance ambiguity rather than direct malicious behavior.
"version": "1.1.0"
Prefer a cleaned package with one canonical skill path and consistent version metadata.