Back to skill
Skillv1.0.0
ClawScan security
Crontab Wizard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 1:09 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and runtime instructions match its stated purpose (cron expression explanation, generation, validation, and preview) and request no unusual permissions, network access, or credentials.
- Guidance
- This skill appears coherent and self-contained: it runs a local Python script to parse and preview cron expressions and does not request credentials or network access. Before installing, confirm you are comfortable running third-party Python scripts in your environment (review the full script if you want to check for bugs or style issues). If you plan to run it in automated or high-privilege contexts, consider running in an isolated environment (virtualenv or container).
Review Dimensions
- Purpose & Capability
- okThe name and description (crontab parsing/generation/preview) align with the included Python script and SKILL.md examples. There are no unrelated environment variables, binaries, or external services declared or required.
- Instruction Scope
- okSKILL.md explicitly instructs running the bundled Python script with local arguments (explain/generate/validate/next). The instructions do not ask the agent to read arbitrary files, access credentials, or send data to external endpoints; the script operates on provided cron expressions and local time only.
- Install Mechanism
- okNo install spec is provided and the skill is instruction-only plus a local Python script. Nothing is downloaded or written to disk by an installer step—lowest-risk install posture.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The code excerpt shows no access to environment secrets or external services, so requested privileges are proportional to the stated functionality.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated agent-wide privileges. There are no indications it modifies other skills or agent configuration.