Task Scheduler

The skill's instructions match a scheduler's purpose, but they permit running arbitrary shell commands and file operations and posting results to external channels without declaring required credentials or sandboxing — this broad scope can lead to data exposure or destructive actions if misused.

This scheduler appears to do what it says, but it gives the agent permission (via instructions) to run arbitrary shell commands, access files (e.g., /tmp, DB files, git repos), and post results to external channels. Before installing: 1) Only enable in a trusted, sandboxed environment (or require that scheduled jobs run in an isolated container/session). 2) Verify which integrations/tokens the agent already has (Telegram/Discord) — the skill doesn’t declare or request them explicitly. 3) Require manual approval or multi-party confirmation for destructive or sensitive tasks, and test with harmless commands first. 4) Limit delivery channels and redact outputs that may contain secrets. 5) Audit scheduled-job logs and retention, and restrict who can create/cancel jobs. If you cannot enforce sandboxing or auditing, treat this skill as high-risk and avoid installing it on systems with sensitive data or credentials.