Cron Mastery

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The cron guidance is mostly coherent, but its reusable examples include a hard-coded Telegram recipient and privileged cleanup patterns that could send data or delete cron jobs without clear user confirmation.

Before installing, replace all hard-coded Telegram IDs with your own verified destination, confirm each scheduled job before creation, and review any janitor job carefully before allowing it to delete cron entries.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

If copied as written, scheduled reminders or email summaries could be sent to the wrong Telegram account.

Why it was flagged

A reusable template combines potentially sensitive email summarization with delivery to a concrete Telegram recipient ID. The artifact does not say this ID is a placeholder or require confirming/replacing it with the installing user's destination.

Skill content

"message": "Good morning! Search for unread emails and top tech news, then summarize them." ... "delivery": { "mode": "announce", "channel": "telegram", "to": "1027899060" }

Recommendation

Replace hard-coded contact IDs with placeholders and require explicit user confirmation of the delivery channel and recipient before creating any cron job.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A scheduled cleanup could remove reminders or other cron jobs the user expected to keep, and it operates through a more privileged session.

Why it was flagged

The guidance explicitly routes maintenance through the fully privileged main session so it can delete cron jobs, without clearly requiring user approval, dry-run review, or rollback.

Skill content

Sub-agents (`isolated`) often have restricted tool policies and cannot call `gateway` or delete other `cron` jobs. For system maintenance like the Janitor, **always** target the `main` session via `systemEvent` so the primary agent (with full tool access) performs the cleanup.

Recommendation

Make cleanup opt-in, use a dry-run/list step first, ask for confirmation before deletion, and restrict the job to clearly identified cron entries.

ASI10: Rogue Agents
Low
What this means

The agent may act later on a schedule, including sending notifications or performing recurring tasks.

Why it was flagged

The skill intentionally teaches persistent scheduled jobs that wake an agent later. This is purpose-aligned for reminders, but users should understand that jobs can run after the original chat turn ends.

Skill content

**AgentTurn (Proactive):** Wakes an agent to deliver the message. **REQUIRED** for push notifications.

Recommendation

Review scheduled jobs regularly and prefer one-shot jobs with auto-delete for simple reminders.

ASI06: Memory and Context Poisoning
Low
What this means

The user's timezone may be remembered and reused in later tasks.

Why it was flagged

The skill recommends storing the user's timezone in persistent memory. This is useful for scheduling, but it is persistent personal context.

Skill content

*   **Action:** Add the user's timezone to `MEMORY.md`.

Recommendation

Store only the needed timezone information and let the user edit or remove it if desired.