Clawhub Skill Smart Cron

Security checks across malware telemetry and agentic risk

Overview

This skill is a task scheduler that openly uses system cron, but its persistent unattended execution and broad task authority deserve careful review before installation.

Install only if you are comfortable giving this skill persistent scheduling authority. Review every scheduled task as if it will run later without asking again, avoid broad cleanup or deletion jobs unless paths are tightly scoped and backed up, and verify that created cron entries are easy to list, inspect, and remove.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly encourages users to schedule arbitrary OpenClaw tasks, including examples that summarize emails, write to MEMORY.md, and clean old logs or archive files, but it does not clearly warn that scheduled tasks may automatically modify or delete local data. Because jobs run unattended via cron, users may underestimate the persistence and impact of destructive or overly broad tasks, increasing the chance of accidental data loss or unauthorized file changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal