Skill v1.0.0

ClawScan security

Cron Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 18, 2026, 2:34 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill mostly matches its stated purpose, but the script runs stored shell commands with shell=True and uses unsanitized task IDs in filesystem paths — these create realistic risks (command execution and path traversal/file deletion) that are disproportionate and need review before installing.
Guidance
This skill is mostly coherent with its description but contains two practical security concerns you should evaluate before installing or using it:

1) Arbitrary shell execution. The script executes task commands via subprocess.run(..., shell=True). Any task stored in tasks.json can therefore run arbitrary shell commands with the same privileges as the agent, and shell metacharacters in a stored command string (;, |, $(...)) are interpreted rather than passed literally. Only add tasks that you fully trust, and do not allow untrusted agents or users to create or modify tasks. Consider sandboxing execution, avoiding shell=True, or using a safe execution wrapper. Note that dropping shell=True only removes metacharacter interpretation: whoever can write tasks.json still chooses which program runs, so the trust boundary around that file matters more than the call style.

2) Path traversal / file operations on task IDs. Task IDs are used directly in filenames (logs and removals) without sanitization. A crafted task_id (for example one containing ../) could cause the script to read, write, or remove files outside the intended data directory if filesystem permissions allow. Validate task IDs against a strict allow-list before building paths, and consider restricting CRON_DATA_DIR to a locked directory with proper permissions.

Other notes: the schedule parsing and next-run calculation are simplistic and have edge-case bugs (some inputs could be CPU-heavy). Logs and commands are stored in plaintext under the user's home by default; treat the data directory as sensitive. If you proceed, run the skill in a restricted environment, review tasks.json and logs before executing 'run' actions, and consider patching the script to sanitize IDs and avoid shell=True.
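The following Python sketch is an added illustration for this review, not code from the Cron Manager skill (whose script is not reproduced on this page). It places the two flagged patterns, a task ID dropped straight into a log filename and a stored command handed to shell=True, next to hardened equivalents: an allow-list regex for IDs, a containment check on the resulting path, argv execution with shell=False, and an optional program allow-list. The data-directory layout (<data_dir>/logs/<id>.log), the sample path, and all function names are assumptions made for the example.

```python
"""Hardening sketch for a file-based task runner (added example; not the skill's code).

Assumed, not taken from the page: logs live at <data_dir>/logs/<id>.log and
task commands are stored as single strings. No real files are created here;
only the subprocess demo at the bottom executes anything.
"""
import os
import re
import shlex
import shutil
import subprocess
from pathlib import Path

# Allow-list for task IDs: one alphanumeric, then up to 63 of [A-Za-z0-9_-].
# Dots and path separators are rejected outright, so ".." can never appear.
TASK_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


def is_valid_task_id(task_id) -> bool:
    return isinstance(task_id, str) and TASK_ID_RE.fullmatch(task_id) is not None


def validate_task_id(task_id: str) -> str:
    if not is_valid_task_id(task_id):
        raise ValueError(f"invalid task id: {task_id!r}")
    return task_id


def _inside(base, candidate) -> bool:
    """True if candidate, after normalising '..' segments, lies under base."""
    b = os.path.normpath(str(base))
    c = os.path.normpath(str(candidate))
    return os.path.commonpath([b, c]) == b


def unsafe_log_path(data_dir, task_id: str) -> Path:
    """The pattern the review describes: the raw ID becomes part of the filename."""
    return Path(data_dir) / "logs" / f"{task_id}.log"


def escapes_data_dir(data_dir, task_id: str) -> bool:
    """Does the unsafe construction land outside <data_dir>/logs for this ID?"""
    logs = Path(data_dir) / "logs"
    return not _inside(logs, unsafe_log_path(data_dir, task_id))


def log_path(data_dir, task_id: str) -> Path:
    """Hardened: validate the ID, then still verify containment (defence in depth)."""
    logs = Path(data_dir) / "logs"
    candidate = logs / f"{validate_task_id(task_id)}.log"
    if not _inside(logs, candidate):
        raise ValueError("log path escapes data directory")
    return candidate


def command_permitted(command: str, allowed_programs=None) -> bool:
    """Tokenize without a shell; optionally allow-list the program basename."""
    argv = shlex.split(command)
    if not argv:
        return False
    if allowed_programs is not None and os.path.basename(argv[0]) not in allowed_programs:
        return False
    return True


def run_task_command_unsafe(command: str) -> subprocess.CompletedProcess:
    """What the review flags: the stored string goes to /bin/sh verbatim."""
    return subprocess.run(command, shell=True, capture_output=True, text=True)


def run_task_command(command: str, allowed_programs=None, timeout: int = 60):
    """Hardened: argv execution. ';' or '|' in the string stay literal arguments."""
    if not command_permitted(command, allowed_programs):
        raise PermissionError(f"command not permitted: {command!r}")
    argv = shlex.split(command)
    prog = shutil.which(argv[0])  # resolve via PATH once, then exec that binary
    if prog is None:
        raise FileNotFoundError(argv[0])
    return subprocess.run([prog, *argv[1:]], shell=False,
                          capture_output=True, text=True, timeout=timeout)


if __name__ == "__main__":
    home = "/home/agent/.cron_manager"  # constructed path, never created on disk
    print("unsafe path escapes data dir:", escapes_data_dir(home, "../../etc/cron.d/evil"))
    print("hardened log path:", log_path(home, "nightly-backup"))
    result = run_task_command("echo hello; echo injected")
    print("shell=False stdout:", result.stdout.rstrip())
```

With shell=True the command "echo hello; echo injected" produces two lines; with the argv form the text after the semicolon is just more arguments to echo, which is the whole point of the change. The containment check is kept even though the regex already excludes separators, so a future relaxation of the regex cannot silently reintroduce traversal.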

Review Dimensions

Purpose & Capability
ok
Name, description, SKILL.md, and the included script are consistent: a file-based cron manager that stores tasks and logs under a per-skill data directory and exposes CLI actions to list, add, remove, run, etc. The required environment/installation footprint is minimal and matches the stated functionality.
Instruction Scope
note
SKILL.md instructs operators to run scripts/cron_manager.py and the script implements the described commands. However, the runtime instructions (and the script) allow executing arbitrary commands provided in task definitions and reading/writing files in a data directory. SKILL.md's assurances (e.g., 'Do not modify system crontabs') are respected, but the agent will run user-provided shell commands on demand. This is expected for a scheduler, but it is a sensitive capability and should be handled carefully.
Install Mechanism
ok
Instruction-only skill with no install spec. Nothing is downloaded or written by an installer; the only code is the included script. This is low install risk.
Credentials
ok
No required credentials or config paths are declared. The script optionally respects a CRON_DATA_DIR env var (reasonable). There are no requests for unrelated secrets or external service credentials in the manifest or SKILL.md.
Persistence & Privilege
ok
The always flag is false and the skill does not request elevated or persistent platform privileges. It writes only to a per-skill data directory (by default under the user's home). Autonomous invocation is allowed by default but not unusual; that alone is not flagged.