Security audit

Cron Mastery

Security checks across malware telemetry and agentic risk

Overview

The skill is documentation-only and mostly aligned with cron scheduling, but its examples include privileged recurring cleanup, destructive recovery steps, and hard-coded external delivery details that users should review before installing.

Install only if you are comfortable with scheduled jobs that can wake an agent later. Replace all hard-coded Telegram IDs before use, require explicit user approval before any email/news recurring summary, and treat janitor cleanup or `jobs.json` deletion as privileged destructive maintenance that should be previewed and backed up first.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill recommends manually deleting the internal cron state file (`~/.openclaw/state/cron/jobs.json`) as a troubleshooting step. This is dangerous because it is a destructive action outside the normal scheduling workflow and can erase all scheduled jobs or corrupt service state further if performed incorrectly, especially without backup or operator safeguards.

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The template goes beyond cron/scheduling guidance by instructing the agent to search unread emails and external news on a recurring basis. That expands the skill from timing orchestration into autonomous access of potentially sensitive data and third-party sources, increasing privacy and permission risk if copied into real use without explicit user consent and scoping.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill instructs writing the user's timezone to `MEMORY.md`, which creates persistent storage of user-specific personal context without any warning, consent check, or data-minimization guidance. While a timezone may seem low sensitivity, it is still personal profile data and persistence increases privacy risk, especially if combined with other stored user details.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The troubleshooting section advises manual deletion of the cron jobs file without emphasizing that this is destructive and may permanently remove scheduled reminders or maintenance tasks. In a scheduling skill, users may follow this as routine guidance, making accidental operational disruption more likely.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The janitor template instructs automated deletion of disabled jobs based on status without warning that this is a destructive maintenance action. In practice, users or implementers may adopt the pattern and silently remove jobs or evidence needed for debugging, audit, or recovery.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This template directs recurring access to unread emails and external news feeds without any privacy notice, consent guidance, or data-minimization boundary. Because it is presented as a ready-to-use example, it could normalize unattended collection and summarization of personal communications beyond what a user clearly understood or authorized.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal