ClawHub

Create Cron Job

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only helper for creating OpenClaw scheduled jobs, with expected persistence risks that users should confirm before use.

Install only if you want an agent to help create OpenClaw cron jobs. Before any job is added or tested, confirm the schedule, target agent, session mode, delivery target, webhook URL if used, and whether the job should be one-shot or recurring. Prefer isolated or light-context jobs unless conversation context is necessary, and periodically review or delete old cron jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description contains very broad trigger phrases like 'schedule a task,' 'create a reminder,' and 'run something at a specific time,' which can match a wide range of ordinary user requests. In an agentic system, this increases the chance the skill is invoked automatically in contexts where the user did not explicitly consent to creating persistent scheduled execution, potentially leading to unintended automation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions tell the agent how to create scheduled jobs and later explicitly test them with immediate execution, but they do not require a user-facing warning or confirmation that the action creates persistent automated behavior. Because cron jobs can run repeatedly and the testing step can trigger immediate execution, omission of an explicit warning materially raises the risk of surprising or unauthorized actions.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal