Skill v1.0.0

ClawScan security

Cron Health Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 25, 2026, 4:51 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's high-level purpose (monitor cron jobs) is plausible, but the instructions are vague and contain inconsistencies (cron vs PowerShell, alert channels like Feishu with no credentials, no install/run instructions or permissions), so it's unclear how it would safely operate.
Guidance
This skill is plausible but inconsistent and underspecified. Before installing: (1) ask the author for the exact runtime instructions or code (how checks run, what commands are executed, and what files/paths are read), (2) require explicit declaration of alerting credentials (e.g., Feishu token) and ensure they follow least privilege, (3) confirm platform support (cron on Linux vs PowerShell on Windows) and required OS/privileges (does it need sudo?), (4) request an install/run script or service file so you can review what will be scheduled and run, and (5) test in a sandbox/staging environment with limited privileges. If the author cannot provide concrete code and a clear list of required tokens/permissions, treat the skill as risky and avoid installing it on production systems.

Review Dimensions

Purpose & Capability
Concern: Name/description target Unix-style cron monitoring, but SKILL.md lists PowerShell 5.0+ in Requirements (Windows), which is inconsistent. The skill promises alerting (e.g., 'feishu') and automatic retries but does not declare any credentials, agents, or tooling required to deliver those features.
Instruction Scope
Concern: The SKILL.md is high-level and lacks concrete runtime steps: it doesn't show how to schedule the 30-minute checks, what commands or APIs to run to inspect cron/system state, where logs are read, or how retries are performed. That vagueness grants broad agent discretion (potentially reading system files or executing commands) without explicit limits or required permissions.
Install Mechanism
Note: No install spec (instruction-only), which limits disk write risk but creates functional ambiguity: there is no provided mechanism to set up periodic checks or services. Absence of an install step is coherent from a safety perspective but leaves open how the monitoring will actually be deployed.
Credentials
Concern: SKILL.md references alertChannels (default includes 'feishu') and automated retries but declares no environment variables, credentials, or tokens to authenticate to Feishu or other alerting services. It also doesn't state required permissions for inspecting or restarting cron tasks (which typically need elevated privileges).
Persistence & Privilege
Note: always is false and the skill is user-invocable; autonomous invocation is allowed (platform default). That alone is not a problem, but combined with the skill's vague instructions for executing and retrying tasks, autonomous runs could perform sensitive operations if the agent has privileges; this risk isn't described or constrained in the SKILL.md.