Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cron Health Monitor
v1.0.0定时监控 OpenClaw Agent 的 Cron 任务及系统资源状态,自动告警失败任务和异常,确保稳定运行。
⭐ 0· 56·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description target Unix-style cron monitoring, but SKILL.md lists PowerShell 5.0+ in Requirements (Windows), which is inconsistent. The skill promises alerting (e.g., 'feishu') and automatic retries but does not declare any credentials, agents, or tooling required to deliver those features.
Instruction Scope
The SKILL.md is high-level and lacks concrete runtime steps: it doesn't show how to schedule the 30-minute checks, what commands or APIs to run to inspect cron/system state, where logs are read, or how retries are performed. That vagueness grants broad agent discretion (potentially reading system files or executing commands) without explicit limits or required permissions.
Install Mechanism
No install spec (instruction-only), which limits disk write risk but creates functional ambiguity: there is no provided mechanism to set up periodic checks or services. Absence of an install step is coherent from a safety perspective but leaves open how the monitoring will actually be deployed.
Credentials
SKILL.md references alertChannels (default includes 'feishu') and automated retries but declares no environment variables, credentials, or tokens to authenticate to Feishu or other alerting services. It also doesn't state required permissions for inspecting or restarting cron tasks (which typically need elevated privileges).
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed (platform default). That alone is not a problem, but combined with the skill's vague instructions for executing and retrying tasks, autonomous runs could perform sensitive operations if the agent has privileges—this risk isn't described or constrained in the SKILL.md.
What to consider before installing
This skill is plausible but inconsistent and underspecified. Before installing: (1) ask the author for the exact runtime instructions or code (how checks run, what commands are executed, and what files/paths are read), (2) require explicit declaration of alerting credentials (e.g., Feishu token) and ensure they follow least privilege, (3) confirm platform support (cron on Linux vs PowerShell on Windows) and required OS/privileges (does it need sudo?), (4) request an install/run script or service file so you can review what will be scheduled and run, and (5) test in a sandbox/staging environment with limited privileges. If the author cannot provide concrete code and a clear list of required tokens/permissions, treat the skill as risky and avoid installing it on production systems.Like a lobster shell, security has layers — review code before you run it.
latestvk97c8a7ymavvawc7rqq2f40vqs83k90z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.