Automation Scripts

Pass

Audited by ClawScan on May 10, 2026.

Overview

This looks like an instruction-only automation skill, but its examples can modify files or create recurring scheduled tasks, so users should review commands carefully before running them.

Before installing or using this skill, check that you trust the ClawHub installer source, verify the exact folders and URLs in each command, and be especially careful with batch rename, backup, and schedule commands because they can affect many files or keep running repeatedly.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user could accidentally rename many files or copy sensitive documents to the wrong backup location if they run commands without checking the paths.

Why it was flagged

The documented examples include file-renaming and backup operations that can modify or copy local user data. They are aligned with the automation purpose and are shown as explicit user-run commands, but mistakes in paths or patterns could affect many files.

Skill content

clawhub auto rename --dir ./photos --pattern "IMG_{date}_{seq}"
clawhub auto backup --source ~/docs --dest ~/backup

Recommendation

Use explicit paths, test on a small folder first, and prefer dry-run or preview options if the underlying tool supports them.

What this means

A scheduled task could keep taking screenshots or running commands repeatedly until the user disables it.

Why it was flagged

The README documents recurring scheduled execution. This is expected for an automation skill and is not hidden, but scheduled tasks are a form of persistence that can keep running after setup.

Skill content

clawhub auto schedule --cron "*/30 * * * *" \
  --command "screenshot --url https://example.com"

Recommendation

Only create schedules intentionally, keep a record of what was scheduled, and confirm how to list and remove scheduled jobs.

What this means

The installed tool version may change over time, which can make behavior less predictable.

Why it was flagged

The installation example uses an unpinned @latest package invocation. This is a common install pattern, but it gives the user less version-level control over what installer code runs.

Skill content

npx clawhub@latest install automation-scripts

Recommendation

Install from trusted sources and consider using pinned versions where supported.