Cron Mastery
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: cron-mastery
Version: 1.0.3
The skill demonstrates the use of `systemEvent` payloads targeting the `main` session, which grants the primary agent 'full tool access' and allows it to execute arbitrary instructions provided in the `text` field. While the example instruction in `references/templates.md` ('List all cron jobs... Delete any disabled jobs... Report results.') is for legitimate system maintenance, this mechanism represents a significant prompt injection vulnerability. A malicious actor could potentially craft a `systemEvent` payload to instruct the main agent to perform unauthorized actions (e.g., data exfiltration, arbitrary command execution) if they could inject or modify cron jobs. This is a risky capability without clear malicious intent in the provided examples, thus classified as suspicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied as written, scheduled reminders or email summaries could be sent to the wrong Telegram account.
A reusable template combines potentially sensitive email summarization with delivery to a concrete Telegram recipient ID. The artifact does not say this ID is a placeholder or require confirming/replacing it with the installing user's destination.
"message": "Good morning! Search for unread emails and top tech news, then summarize them." ... "delivery": { "mode": "announce", "channel": "telegram", "to": "1027899060" }Replace hard-coded contact IDs with placeholders and require explicit user confirmation of the delivery channel and recipient before creating any cron job.
A scheduled cleanup could remove reminders or other cron jobs the user expected to keep, and it operates through a more privileged session.
The guidance explicitly routes maintenance through the fully privileged main session so it can delete cron jobs, without clearly requiring user approval, dry-run review, or rollback.
Sub-agents (`isolated`) often have restricted tool policies and cannot call `gateway` or delete other `cron` jobs. For system maintenance like the Janitor, **always** target the `main` session via `systemEvent` so the primary agent (with full tool access) performs the cleanup.
Make cleanup opt-in, use a dry-run/list step first, ask for confirmation before deletion, and restrict the job to clearly identified cron entries.
The agent may act later on a schedule, including sending notifications or performing recurring tasks.
The skill intentionally teaches persistent scheduled jobs that wake an agent later. This is purpose-aligned for reminders, but users should understand that jobs can run after the original chat turn ends.
**AgentTurn (Proactive):** Wakes an agent to deliver the message. **REQUIRED** for push notifications.
Review scheduled jobs regularly and prefer one-shot jobs with auto-delete for simple reminders.
The user's timezone may be remembered and reused in later tasks.
The skill recommends storing the user's timezone in persistent memory. This is useful for scheduling, but it is persistent personal context.
* **Action:** Add the user's timezone to `MEMORY.md`.
Store only the needed timezone information and let the user edit or remove it if desired.
