Cron Evaluator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its cron-auditing purpose, but it includes code paths that can import unreviewed local modules or deserialize untrusted PyTorch model files.
Before installing, be comfortable with the agent reading your cron entries. Prefer removing or fixing the v2 hardcoded external import and changing the v3 model load to a safe, verified format before running the included scripts.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can see and display scheduled command lines, which may reveal paths, internal workflows, or secrets embedded in cron commands.
The evaluator reads local cron definitions from both hardcoded workspace files and the current user's crontab. This is purpose-aligned for cron auditing, but users should know it exposes scheduled command text to the agent/output.
crontab_file = Path(path) / '.openclaw' / 'crontab'
...
content = crontab_file.read_text()
...
result = os.popen('crontab -l 2>/dev/null').read()
Run it only where sharing cron command contents is acceptable, avoid placing secrets directly in cron entries, and make any extra workspace scan paths configurable and disclosed.
If a matching module exists at that path, running v2 could execute unreviewed local code with the user's privileges.
When v2 is run, Python searches a hardcoded external directory and imports a module outside the supplied package; importing that module would execute its top-level code without review or provenance.
sys.path.insert(0, '/mnt/Morgana')
try:
    from kan_auto_evolution import KANAutoEvolver
Remove the absolute sys.path insertion, vendor or pin any dependency inside the skill with clear provenance, or make the optional integration fail closed without importing unreviewed paths.
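One way to make the optional integration fail closed, as an added example and not the skill's own code: resolve the module only inside a directory the skill controls, without ever mutating sys.path, and refuse anything that resolves elsewhere. The module name kan_auto_evolution_demo and the temporary directory are constructed for the demo.

```python
import importlib.machinery
import importlib.util
import tempfile
from pathlib import Path


def locate_trusted_module(name, trusted_root):
    """Find `name` only inside `trusted_root`; never touches sys.path.

    PathFinder.find_spec searches just the directories it is given, so a
    same-named module on /mnt/Morgana or anywhere else is never considered.
    The resolved origin is then checked against the root to catch symlinks.
    """
    root = Path(trusted_root).resolve()
    spec = importlib.machinery.PathFinder.find_spec(name, [str(root)])
    if spec is None or spec.origin is None:
        return None
    origin = Path(spec.origin).resolve()
    if root not in origin.parents:
        return None  # resolved outside the reviewed tree: fail closed
    return spec


def load_optional_integration(name, trusted_root):
    """Import the optional module, or return None without executing anything."""
    spec = locate_trusted_module(name, trusted_root)
    if spec is None:
        return None
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)  # top-level code runs only for a vetted file
    return module


def demo():
    """Constructed fixture: a stand-in module (hypothetical name) written to a
    temporary directory, loaded from there, and refused from another directory."""
    trusted = Path(tempfile.mkdtemp())
    (trusted / "kan_auto_evolution_demo.py").write_text("MARKER = 'loaded'\n")
    loaded = load_optional_integration("kan_auto_evolution_demo", trusted)
    refused = load_optional_integration("kan_auto_evolution_demo", Path(tempfile.mkdtemp()))
    return (loaded.MARKER if loaded else None, refused)
```

Because the search list is explicit, an attacker-controlled copy of the module on the normal import path is never even considered; the skill either loads the vendored copy it shipped or runs without the integration.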
Running v3 in a directory containing an untrusted or tampered cron_kan.pt file could execute arbitrary code as the user.
torch.load with weights_only=False uses pickle-style deserialization, which can execute code if the model file is malicious or replaced; the referenced model is not included with reviewed provenance.
MODEL_PATH = 'models/cron_kan.pt'
checkpoint = torch.load(MODEL_PATH, map_location='cpu', weights_only=False)
Use weights_only=True or a safer format such as safetensors, verify model hashes/provenance, and do not load untrusted .pt files.
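A loader that pins the checkpoint to a known SHA-256 before opening it and then loads with weights_only=True, as an added example rather than the skill's own code. The expected hash is a placeholder the skill would publish with the model; the demo verifies a constructed temporary file, tampers with it, and confirms the load is refused.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


class UntrustedModelError(RuntimeError):
    """Raised when a checkpoint does not match its pinned hash."""


def sha256_of_file(path):
    """Stream the file through SHA-256 so large checkpoints are not read whole."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_model_file(path, expected_sha256):
    """True only when the file exists and its digest matches the published pin."""
    path = Path(path)
    if not path.is_file():
        return False
    return hmac.compare_digest(sha256_of_file(path), expected_sha256.lower())


def load_checkpoint_safely(path, expected_sha256):
    """Verify first; only a matching file reaches torch.load, and then only
    with weights_only=True, which restricts what the unpickler may construct."""
    if not verify_model_file(path, expected_sha256):
        raise UntrustedModelError(f"{path} failed hash verification; refusing to load")
    import torch  # imported here so the verification step runs even without torch
    return torch.load(str(path), map_location="cpu", weights_only=True)


def demo():
    """Constructed fixture: a temp file standing in for models/cron_kan.pt."""
    tmp = Path(tempfile.mkdtemp()) / "cron_kan.pt"
    tmp.write_bytes(b"constructed stand-in for model bytes")
    pinned = sha256_of_file(tmp)          # placeholder for the shipped pin
    accepted = verify_model_file(tmp, pinned)
    tmp.write_bytes(b"tampered bytes")    # simulate a replaced checkpoint
    try:
        load_checkpoint_safely(tmp, pinned)
        refused = False
    except UntrustedModelError:
        refused = True
    return accepted, refused
```

The hash pin is the primary control: weights_only=True narrows the unpickler but still parses whatever bytes are on disk, so a tampered file must be rejected before torch sees it. A safetensors file avoids pickle entirely and is the better format when the model can be re-exported.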
