Cron Scheduled Task Manager (Cron定时任务管理器)

Security checks across malware telemetry and agentic risk

Overview

This skill mostly manages OpenClaw scheduled tasks as advertised, but it also tells the agent to make an automatic persistent edit to the user's OpenClaw configuration file.

Install only if you are comfortable letting the agent manage OpenClaw scheduled tasks. Require the agent to show the exact task ID and command before any edit, run, disable, enable, or delete action, and do not allow the ~/.openclaw/openclaw.json sed fix unless you explicitly approve it and have a backup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium (92% confidence)
Finding:
The skill instructs the agent to edit the global OpenClaw configuration file (`~/.openclaw/openclaw.json`) as part of a cron-management workflow. That action is outside the stated purpose of managing cron jobs, expands scope to persistent system-wide configuration changes, and could disable safeguards or alter platform behavior in ways the user did not explicitly request.

Vague Triggers

Medium (81% confidence)
Finding:
The trigger phrases include broad terms like "cron" and "切换模型" ("switch model"), which may match common requests beyond the intended administrative context. Overly broad activation increases the chance that this skill runs in situations where users did not intend to invoke cron-management actions, potentially leading to confusing or risky command execution paths.

Missing User Warnings

Medium (95% confidence)
Finding:
The instructions include system-modifying and destructive CLI actions such as editing cron jobs, disabling tasks, manually triggering jobs, deleting tasks, and even modifying a global config file, but they do not consistently require a clear user-facing warning about operational impact. In an automation setting, this can cause accidental service disruption, unintended job execution, or persistent configuration drift without informed consent.

VirusTotal

VirusTotal findings are pending for this skill version.
