Back to skill
Skillv1.0.0
VirusTotal security
Cron Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 18, 2026, 2:41 AM
- Hash
- 931ca1c734030ed282b480fd4f30e64c382810dba5e6f9e8e4879f63593b3799
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cron-manager Version: 1.0.0 The skill provides a local task management system that allows for the scheduling and execution of arbitrary shell commands. The primary risk is found in `scripts/cron_manager.py`, which uses `subprocess.run(shell=True)` to execute commands stored in `tasks.json`. While this functionality is consistent with the stated purpose of a cron manager, the lack of command sanitization and the use of a shell environment represent a high-risk capability that could be easily exploited via prompt injection to achieve Remote Code Execution (RCE). No evidence of intentional malice, such as hardcoded backdoors or data exfiltration, was found.
- External report
- View on VirusTotal