Cron Mastery Zc

Security checks across malware telemetry and agentic risk

Overview

This cron guide is mostly instruction-only, but its reusable templates could send messages or email summaries to a fixed Telegram recipient and grant broad recurring cleanup authority.

Review carefully before installing. Replace every Telegram recipient with your own verified destination, avoid copying the email-summary example unless you explicitly approve mailbox access and external delivery, and do not use the janitor or state-file deletion guidance unless you understand which scheduled jobs may be removed and have a backup or recovery plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill advises manually deleting ~/.openclaw/state/cron/jobs.json to recover from cron issues, which is a host-level state mutation outside the normal scope of a scheduling guidance skill. Encouraging direct deletion of gateway state files can cause data loss, break scheduler integrity, and normalize unsafe filesystem intervention instead of using supported recovery procedures.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The template hard-codes delivery of scheduled messages to a specific Telegram recipient, which creates an unjustified external data egress path in a scheduling/tutorial skill. Even if presented as an example, users or downstream agents may reuse it verbatim, causing reminders or other content to be sent to an unrelated third party without consent.

Context-Inappropriate Capability

High
Confidence: 94%
Finding
This example instructs a maintenance job to run in the main session with full tool access, which grants broad privileges beyond what a cron tutorial needs. A recurring job with elevated context can perform unintended destructive or sensitive operations repeatedly, amplifying impact if copied into production use.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The recurring example goes beyond scheduling mechanics and directs the agent to access unread emails and top tech news, then send the results externally. That mixes a benign scheduling skill with sensitive data access and exfiltration behavior, increasing the chance that users enable broad permissions they did not expect from this skill.

Missing User Warnings

Low
Confidence: 80%
Finding
The skill tells operators to add the user's timezone to MEMORY.md, which modifies persistent user data, but it does not warn that this creates lasting state or that user confirmation/consent may be appropriate. In an agent setting, silent persistence can create privacy surprises, stale profile data, or incorrect future behavior if the timezone changes or was inferred incorrectly.

Missing User Warnings

Medium
Confidence: 97%
Finding
Sending notifications to a hard-coded Telegram recipient without warning the user conceals an external transmission of potentially sensitive content. In a template, this is especially risky because it encourages copy-paste reuse while bypassing informed consent and verification of the destination.

Missing User Warnings

High
Confidence: 98%
Finding
This example combines access to unread emails with delivery of summaries over Telegram but does not warn the user about either the sensitive data access or the outbound transfer. Because the skill is framed as scheduling-focused, this omission is more dangerous: users may not anticipate that enabling the example authorizes both inbox access and external messaging.

VirusTotal

65/65 vendors flagged this skill as clean.
