Skill v1.6.0

ClawScan security

Chronos · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 27, 2026, 3:48 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The Chronos skill's code and runtime instructions largely match the described recurring-task manager, but the package metadata omits required environment configuration, and at runtime the skill can execute additional local scripts and mutate a local DB. These mismatches warrant caution.
Guidance
This package appears to implement the described recurring-task manager, but review the following points before installing or running it:

- Metadata vs runtime mismatch: the skill metadata lists no required environment variables, but the code and SKILL.md require CHRONOS_CHAT_ID and optionally accept CHRONOS_DB_PATH, CHRONOS_WORKSPACE / OPENCLAW_WORKSPACE, OPENCLAW_BIN, CHRONOS_PYTHON_BIN and CHRONOS_PREDICTION_LOGGER. Ask the author to declare these explicitly in the skill metadata and to state which are required and which are optional.
- Sensitive, side-effecting actions: Chronos reads and alters your local todo DB (todo.db), adds schema columns, deletes or normalizes rows, and can create and remove cron reminders via OpenClaw. Back up your DB before running any migration or cleanup script, and review the schema changes made by ensure_schema in core/db.py.
- Arbitrary local script execution: core/learning.py invokes an optional prediction-logger script when CHRONOS_PREDICTION_LOGGER is set or when a default script exists in the workspace. If that script is untrusted (or writable by someone else), it runs arbitrary code with the skill's privileges. Confirm that scripts in your workspace, and whatever the configured prediction_logger path points at, are trusted before enabling them.
- OpenClaw dependency: the skill builds OpenClaw cron commands from OPENCLAW_BIN (by default the system-level openclaw command). If OPENCLAW_BIN points at a different binary, or an unexpected openclaw binary is present in your environment, the cron commands run that binary instead. Rely on the default only if you trust the system-level openclaw command.
- Testing advice: run the unit tests and schema_preflight in an isolated environment against a copy of your DB first:
  python3 -m unittest discover -s skills/chronos/tests -v
  python3 skills/chronos/scripts/schema_preflight.py
  Run migration and cleanup scripts in dry-run mode where supported, and inspect any prediction_logger or other script the skill would invoke.

If you need to proceed: set CHRONOS_CHAT_ID explicitly, point CHRONOS_DB_PATH at a safe copy of your DB for initial testing, and leave CHRONOS_PREDICTION_LOGGER unset and OPENCLAW_BIN at a trusted binary until you have audited those components.
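The preflight steps above (mandatory chat id, trusted logger script, pinned openclaw binary, sandboxed DB copy) can be scripted. The helper below is an added example written for this review; it is not ClawScan's scanner or Chronos code, and it only assumes the behaviour the review describes for CHRONOS_CHAT_ID, CHRONOS_DB_PATH, CHRONOS_PREDICTION_LOGGER and OPENCLAW_BIN. The fixture files it builds are constructed placeholders, and the uid-based ownership check is POSIX-only.

```python
"""Added preflight helper for trying Chronos safely; written for this review,
not part of the skill or of ClawScan. Assumes, as the review states, that
CHRONOS_CHAT_ID is mandatory, CHRONOS_DB_PATH selects todo.db, and
CHRONOS_PREDICTION_LOGGER / OPENCLAW_BIN name a script and a binary the skill
executes. POSIX-only (uid checks). Fixture contents are constructed.
"""
import os
import shutil
import stat
import tempfile
from pathlib import Path


def sandbox_db(live_db: Path, scratch_dir: Path) -> Path:
    """Copy the live todo.db into scratch_dir and return the copy.

    Pointing CHRONOS_DB_PATH at the copy keeps ensure_schema()'s column
    additions and any row cleanup off the real database.
    """
    if not live_db.is_file():
        raise FileNotFoundError(f"no DB at {live_db}")
    scratch_dir.mkdir(parents=True, exist_ok=True)
    copy = scratch_dir / "todo.db"
    shutil.copy2(live_db, copy)
    return copy


def script_is_trusted(path: Path) -> bool:
    """Minimal trust test for a script the skill would execute.

    Rejects symlinks, non-regular files, files owned by another uid, and
    files writable by group or others: whoever can rewrite the logger runs
    code with the skill's privileges.
    """
    if path.is_symlink() or not path.is_file():
        return False
    st = path.stat()
    if st.st_uid != os.geteuid():
        return False
    return not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)


def resolve_openclaw(env: dict) -> Path:
    """Pin the binary the skill's cron commands will run.

    A relative OPENCLAW_BIN is resolved through PATH once, here, so the
    reviewer sees which file was chosen instead of trusting a later lookup
    in whatever environment the cron job runs in.
    """
    candidate = env.get("OPENCLAW_BIN", "openclaw")
    resolved = candidate if os.path.isabs(candidate) else shutil.which(candidate, path=env.get("PATH"))
    if resolved is None or os.path.isdir(resolved) or not os.access(resolved, os.X_OK):
        raise RuntimeError(f"openclaw binary not usable: {candidate}")
    return Path(resolved)


def preflight(env: dict, live_db: Path, scratch_dir: Path) -> dict:
    """Apply the review's checks and return an environment for a trial run.

    The default workspace logger script the review mentions is not named, so
    check it explicitly with script_is_trusted() if your workspace has one.
    """
    problems = []
    if not env.get("CHRONOS_CHAT_ID"):
        problems.append("CHRONOS_CHAT_ID is required but unset")
    logger = env.get("CHRONOS_PREDICTION_LOGGER")
    if logger and not script_is_trusted(Path(logger)):
        problems.append(f"CHRONOS_PREDICTION_LOGGER is not a trusted file: {logger}")
    try:
        openclaw = resolve_openclaw(env)
    except RuntimeError as exc:
        problems.append(str(exc))
    if problems:
        raise RuntimeError("; ".join(problems))
    safe = dict(env)
    safe["CHRONOS_DB_PATH"] = str(sandbox_db(live_db, scratch_dir))
    safe["OPENCLAW_BIN"] = str(openclaw)
    return safe


def build_fixture() -> dict:
    """Constructed inputs for a dry run: fake todo.db, two loggers, fake openclaw."""
    root = Path(tempfile.mkdtemp(prefix="chronos-preflight-"))
    live_db = root / "todo.db"
    live_db.write_bytes(b"constructed placeholder, not a real SQLite file\n")
    trusted = root / "logger.sh"
    trusted.write_text("#!/bin/sh\necho prediction-logger\n")
    trusted.chmod(0o700)
    writable = root / "logger-bad.sh"          # group/world-writable: untrusted
    writable.write_text("#!/bin/sh\necho anyone-can-edit-me\n")
    writable.chmod(0o777)
    openclaw = root / "openclaw"
    openclaw.write_text("#!/bin/sh\nexit 0\n")
    openclaw.chmod(0o755)
    return {"root": root, "live_db": live_db, "trusted_logger": trusted,
            "writable_logger": writable, "openclaw": openclaw}


if __name__ == "__main__":
    import subprocess
    import sys
    # python3 chronos_preflight.py /path/to/todo.db  -> run the skill's own
    # tests and schema_preflight (paths from the review) against the copy.
    safe_env = preflight(dict(os.environ), Path(sys.argv[1]), Path(tempfile.mkdtemp(prefix="chronos-")))
    subprocess.run([sys.executable, "-m", "unittest", "discover", "-s", "skills/chronos/tests", "-v"], env=safe_env, check=False)
    subprocess.run([sys.executable, "skills/chronos/scripts/schema_preflight.py"], env=safe_env, check=False)
```

The returned environment is what you pass to the skill's test and preflight commands; the live DB and your real shell environment are never modified.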

Review Dimensions

Purpose & Capability
Status: ok
Name/description (periodic task manager) align with the provided code: scheduling, monthly quotas, occurrences, migration helpers, and a todo CLI all appear implemented. The files and functions (scheduler, models, db, todo CLI scripts) are consistent with the described purpose.
Instruction Scope
Status: note
SKILL.md and the code instruct the agent to read config (~/.config/chronos/config.json or CHRONOS_CONFIG_PATH), operate on a local todo DB, generate cron reminders, and read a subagent ledger (memory/subagent_sync_ledger.json). Those are in scope for a scheduler, but the runtime also invokes an optional external prediction logger and builds OpenClaw cron commands (which may be executed elsewhere). The instructions do not attempt unrelated system access, but they do read and modify the local DB and local files and expect an external openclaw binary.
Install Mechanism
Status: ok
No install spec is present (instruction-only), which is low risk. The skill bundle nevertheless includes many code files that will run on the agent when invoked; there is no remote download or obscure installer in the manifest. The code alters the local DB schema at runtime (ensure_schema), so installation is minimal but the runtime will write to and modify local state.
Credentials
Status: concern
Registry metadata declares no required environment variables or primary credential, but SKILL.md and the code require CHRONOS_CHAT_ID and optionally read CHRONOS_CONFIG_PATH, CHRONOS_DB_PATH, CHRONOS_WORKSPACE / OPENCLAW_WORKSPACE, OPENCLAW_BIN, CHRONOS_PYTHON_BIN and CHRONOS_PREDICTION_LOGGER. This is a metadata/runtime mismatch: a required setting (CHRONOS_CHAT_ID) and several sensitive paths were not declared. Two of the optional variables (CHRONOS_PREDICTION_LOGGER and OPENCLAW_BIN) select a local script or external binary the skill will execute, so whatever they point at must be trusted.
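The mismatch this dimension flags is mechanical to check: collect the environment variable names a bundle's Python sources read and diff them against the names the metadata declares. The auditor below is an added example written for this review, not ClawScan's scanner or Chronos code. The metadata field name "env" and the sample file contents are assumptions constructed to mirror the review's findings (only the path core/learning.py comes from the review); run audit_tree on an unpacked bundle for real results.

```python
"""Added audit helper: find env vars a skill's Python reads and diff them
against what its registry metadata declares. Written for this review; not
ClawScan or Chronos code. The metadata field name "env" is an assumption and
the SAMPLE_* inputs below are constructed to mirror the review's findings.
"""
import json
import re
from pathlib import Path

# Literal reads: os.environ["X"], os.environ.get("X", ...), os.getenv("X", ...)
_LITERAL_READ = re.compile(
    r"""os\.(?P<how>environ\.get\(|getenv\(|environ\[)\s*(?P<q>['"])(?P<name>[A-Za-z_][A-Za-z0-9_]*)(?P=q)"""
)
# Reads whose key is not a string literal (os.environ[key]); the scan cannot
# resolve these, so they are reported rather than silently ignored.
_DYNAMIC_READ = re.compile(r"""os\.(?:environ\.get\(|getenv\(|environ\[)\s*(?!['"])[^\s)\]]""")


def env_reads(source: str) -> dict[str, set[str]]:
    """Map each env var name read literally in `source` to the access forms used."""
    found: dict[str, set[str]] = {}
    for m in _LITERAL_READ.finditer(source):
        found.setdefault(m.group("name"), set()).add(m.group("how").rstrip("(["))
    return found


def declared_env(metadata: dict) -> set[str]:
    """Names declared in metadata; accepts ["X"] or [{"name": "X", ...}] (assumed shapes)."""
    names = set()
    for entry in metadata.get("env", []):
        names.add(entry["name"] if isinstance(entry, dict) else str(entry))
    return names


def audit(files: dict[str, str], declared: set[str]) -> dict:
    """Diff referenced vs declared env vars across {relative_path: source_text}."""
    where: dict[str, set[str]] = {}
    dynamic = []
    for path, src in files.items():
        for name in env_reads(src):
            where.setdefault(name, set()).add(path)
        if _DYNAMIC_READ.search(src):
            dynamic.append(path)
    return {
        "undeclared": sorted(set(where) - declared),        # the review's finding
        "declared_unused": sorted(declared - set(where)),   # stale declarations
        "where": {n: sorted(p) for n, p in sorted(where.items())},
        "dynamic_reads": sorted(dynamic),                    # needs manual review
    }


def audit_tree(root: Path, metadata_file: Path) -> dict:
    """Run the audit over every *.py under `root` (e.g. an unpacked skill bundle)."""
    files = {str(p.relative_to(root)): p.read_text(errors="replace") for p in root.rglob("*.py")}
    return audit(files, declared_env(json.loads(metadata_file.read_text())))


# Constructed sample: code reads several CHRONOS_*/OPENCLAW_* variables while
# the metadata declares none, which is the shape of mismatch the review found.
SAMPLE_METADATA = {"name": "chronos", "version": "1.6.0", "env": []}
SAMPLE_FILES = {
    "core/config.py": 'import os\nCHAT_ID = os.environ["CHRONOS_CHAT_ID"]\n'
                      'DB_PATH = os.environ.get("CHRONOS_DB_PATH", "todo.db")\n',
    "core/learning.py": 'import os\nLOGGER = os.getenv("CHRONOS_PREDICTION_LOGGER")\n'
                        'OPENCLAW = os.environ.get("OPENCLAW_BIN", "openclaw")\n',
    "core/workspace.py": 'import os\nWS = os.environ.get("CHRONOS_WORKSPACE") or os.environ.get("OPENCLAW_WORKSPACE")\n',
    "core/util.py": 'import os\ndef setting(key):\n    return os.environ.get(key)\n',
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:   # python3 env_audit.py <bundle_dir> <metadata.json>
        print(json.dumps(audit_tree(Path(sys.argv[1]), Path(sys.argv[2])), indent=2))
    else:
        print(json.dumps(audit(SAMPLE_FILES, declared_env(SAMPLE_METADATA)), indent=2))
```

Anything in "undeclared" is what the author should add to the metadata; "dynamic_reads" lists files where the key is computed at runtime and the regex cannot see it, so those need a manual look.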
Persistence & Privilege
Status: note
The skill does not request always: true and does not declare elevated platform privileges. It does modify local application state: it alters or ensures columns in your todo DB, creates and removes cron reminders by constructing OpenClaw commands, and writes bookkeeping metadata. These effects are proportionate for a scheduler, but they are persistent and touch user data, so back up the DB before running.