Clawhub Skill Smart Cron

This skill's purpose (natural-language cron management) is believable, but there are important gaps before you should install it: - Confirm how failure alerts are delivered. SKILL.md mentions WhatsApp/Telegram alerts and an alert_channel config but the skill declares no API keys or integration steps. Ask the author or inspect the referenced GitHub repo to see whether it uses OpenClaw's built-in messaging, third‑party APIs (which require tokens), or a user-side client. - Review the implementation on the claimed GitHub repository (https://github.com/mariusfit/smart-cron) before running it. Because the skill runs arbitrary tasks, the code can execute any command and make network requests — verify there is no hidden exfiltration or unexpected outbound endpoints. - Check the exact mechanism used to modify cron (crontab entries). Ensure it runs only under your user account and doesn't require elevated privileges you don't want to grant. - Inspect stored data under ~/.openclaw/workspace/smart-cron-data/ for sensitive logs and ensure retention/rotation settings are appropriate. - If you need message alerts, prefer explicit credential configuration and minimal required scopes; do not provide broad tokens without understanding where they are stored and who can read them. If you cannot or will not review the code, consider running the tool in an isolated environment (container or dedicated VM) and deny it unnecessary network or host permissions. Additional information that would raise my confidence to 'high': the actual implementation source code (or a vetted package), clear documentation of how alerts are authenticated, and a description of what OpenClaw 'message' tool does and what permissions it uses.