Clawhub Skill Smart Cron
PassAudited by ClawScan on May 10, 2026.
Overview
This is a disclosed scheduling skill that can create recurring OpenClaw jobs, but users should review what gets scheduled because the implementation is not included in the artifacts.
Before installing or using this skill, confirm the `smart-cron` command comes from a trusted source, schedule only clear and bounded tasks, periodically review active jobs and logs, and be careful with alert channels because failure messages can include sensitive task details.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Scheduled jobs may continue running after the original request until the user pauses or removes them.
The skill is explicitly designed to create recurring cron-based OpenClaw executions. This is persistent automation, but it is disclosed and aligned with the scheduler purpose.
"Zero external dependencies" — uses system cron + OpenClaw orchestration
Review scheduled jobs with `smart-cron list`, check logs, and pause or remove jobs that are no longer needed.
A poorly specified or overly broad scheduled task could repeatedly perform unintended actions.
The skill accepts user-provided task text and schedule expressions, including custom cron passthrough. This is expected for a scheduler, but broad task text can have significant impact if the user schedules destructive or sensitive actions.
`smart-cron add <schedule> --task <task>` | Schedule a new task
Only schedule explicit, bounded tasks, preview next run times, and avoid recurring jobs that delete, publish, or modify important data unless you have reviewed them carefully.
The skill may not work as documented unless a compatible `smart-cron` command already exists, and that command’s provenance is not verified by this package.
The reviewed package does not include or install the documented `smart-cron` implementation. If the command is used, its actual source would need to be verified outside these artifacts.
No install spec — this is an instruction-only skill.
Install or run only a trusted `smart-cron` implementation, and verify the referenced repository before relying on the commands.
Local logs may retain information about tasks such as email summaries, reports, server checks, or failures.
The skill stores persistent job configuration and execution logs locally. This is disclosed and purpose-aligned, but scheduled task names, errors, and outputs may contain sensitive context.
All job configs and logs stored locally at `~/.openclaw/workspace/smart-cron-data/`. SQLite, no telemetry.
Review the log retention setting and avoid putting secrets or sensitive content directly into scheduled task descriptions.
Failure messages may reveal task names, timing, and error details to the configured messaging channel.
The skill may send failure notifications to an external messaging channel. This is disclosed and fits the alerting feature, but the artifacts do not detail what credentials or message boundaries are used.
Failure alerts — WhatsApp/Telegram alert if a job fails
Configure alerts only for trusted channels and avoid including sensitive information in scheduled task names or outputs.