Skill v1.3.0
ClawScan security
Linsoai Track · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 25, 2026, 10:17 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions match its stated purpose (natural‑language scheduling and notifications); nothing requested or instructed is disproportionate or unexplained.
- Guidance: This skill is coherent for scheduling and notifications. Before installing: (1) Decide which notification channels you'll configure and only add trusted channels (Telegram bot tokens, Slack/Discord webhooks, SMTP credentials). (2) If you enable email notifications, use a trusted send-email skill and protect SMTP credentials; do not paste secrets into task descriptions. (3) Be cautious when using webhook/curl notifications — only target trusted endpoints to avoid accidental data exfiltration. (4) When bulk‑importing tasks, review the parsed tasks before creation to avoid creating many unintended tasks or tasks that send data externally. (5) If you want to limit persistence of preferences, check OpenClaw agent settings for stored memories/preferences and revoke them if needed.
Review Dimensions
- Purpose & Capability (ok): Name/description (task scheduling, cron/interval/one‑time triggers, notifications) align with the SKILL.md and included reference docs. The skill requests no unrelated binaries, env vars, or config paths.
- Instruction Scope (note): Instructions stay on‑task (parse user NL, produce cron/--every/--at parameters, create/manage tasks, route notifications). They explicitly instruct the agent to use OpenClaw messaging and optionally the send-email skill or curl webhooks to deliver notifications — which is expected for a notification-capable scheduler. Note: because messages may include arbitrary curl/webhook commands or channel instructions, a created task could cause the agent to send data to an external endpoint; users should avoid embedding secrets in task messages and only target trusted webhook/IM endpoints.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. Nothing is downloaded or written by the skill itself; low installation risk.
- Credentials (note): The skill declares no required environment variables or credentials. Reference docs mention SMTP env vars for the optional send-email skill (SMTP_USER/SMTP_PASS, MAIL_FROM) — this is expected and optional for email notifications. No unexplained credential requests are present. Users should only provide SMTP / channel tokens to the respective skills/channels they trust.
- Persistence & Privilege (note): always:false (normal). SKILL.md says the assistant should "remember user preferences" (remember preferred notification channel/timezone). That implies storing preferences in agent state or OpenClaw user settings; this is typical, but users should be aware that preferences (e.g., preferred channel IDs) may be persisted by the platform.
