Cron Automation Manager

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is purpose-aligned for scheduling, but it needs review because it can create or alter long-running cron automations and automatically persist all job output without clear limits.

Install only if you are comfortable with an agent creating and managing scheduled jobs. Before enabling it, decide which cron jobs it may control, require confirmation for changes/deletions, review where logs are stored, and enable external delivery channels only after verifying recipients and credentials.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or overly broad instruction could alter, delete, or run scheduled automations the user relies on.

Why it was flagged

The skill can mutate or run scheduled tasks, but this module does not state that changes are limited to skill-owned jobs or require a final confirmation for each high-impact action.

Skill content

- Update schedule or payload
- Delete tasks
- Trigger test runs

Recommendation

Require explicit confirmation, show the exact job and diff before every update/delete/test-run, and limit default management to jobs created by this skill unless the user opts in.

What this means

Private reminders, monitoring results, or untrusted web content could be stored long-term and influence later reports.

Why it was flagged

All cron outputs are automatically persisted and later reused for analysis, but the artifacts do not define retention, opt-out, sensitivity filtering, or how untrusted report content should be handled.

Skill content

Every cron job created by this skill MUST automatically record its output into the daily intelligence log... The file acts as the persistent data layer for trend analysis.

Recommendation

Ask users before persistent logging, provide retention/cleanup controls, allow opt-out for sensitive jobs, and treat stored report content as untrusted input.

What this means

Jobs may keep running, collecting information, and sending reports until disabled or deleted.

Why it was flagged

Long-running automation is central and disclosed, but users should understand that scheduled jobs may continue operating after the initial chat task.

Skill content

It allows AI agents to create, manage, and operate long-running automation systems such as monitoring pipelines, periodic reports, intelligence collection, and notification routing.

Recommendation

Provide users with an easy list/disable/delete workflow and show when each automation will run and where it will send output.

What this means

Automation outputs could be delivered to team channels, chats, or email addresses if configured.

Why it was flagged

The skill can route reports to external messaging and email systems; this is purpose-aligned, and the router says to ask when multiple channels are configured, but data may leave the local workspace.

Skill content

Supported channels:

- Feishu
- Telegram
- DingTalk
- Slack
- Discord
- WhatsApp
- Email
- Webchat

Recommendation

Enable only intended channels, verify recipient IDs/webhooks, and avoid sending sensitive report content to shared destinations.

What this means

A configured bot token or webhook can post messages to the selected service.

Why it was flagged

Some delivery integrations require account credentials or bot posting permissions, which are expected for notifications but are not declared as required credentials in metadata.

Skill content

Ensure the bot token has chat:write permission.

Recommendation

Use least-privilege bot tokens, restrict target channels, and keep credentials out of generated reports and logs.

What this means

Automatic setup may fail or, if a script exists outside the reviewed artifacts, run code the user has not inspected.

Why it was flagged

The documentation references an automatic initialization script, but the provided manifest contains no such script, leaving its provenance and behavior unreviewed in these artifacts.

Skill content

On first use the system may initialize the delivery configuration automatically using:

`skills/cron-automation-manager/scripts/init-delivery-config.ps1`

Recommendation

Include the referenced script in the package for review or change setup to a clearly user-approved, documented file-copy step.