Turnip Prophet

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: turnip-prophet
Version: 1.2.4

The skill is classified as suspicious because it installs system packages that require `sudo` (jq) and can set up cron jobs that execute commands (`openclaw gateway call message.send`) on behalf of the user. While these actions are transparently communicated to the user in SKILL.md and require explicit confirmation, they represent significant privilege escalation and automated execution capabilities. Additionally, the way shell commands are constructed in SKILL.md and scripts/cron_handler.sh, particularly where JSON strings are embedded as arguments, is a potential shell or JSON injection vulnerability if the OpenClaw agent does not rigorously sanitize or quote inputs; no explicit malicious payloads are present in the skill itself.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running setup commands can change the local Python or system package environment.

Why it was flagged

The skill documents package-manager setup commands, including an unpinned Python dependency and a privileged OS package install for jq.

Skill content

"command": "pip3 install matplotlib" ... "command": "sudo apt-get update && sudo apt-get install -y jq"

Recommendation

Review and run setup commands manually if needed; prefer your normal package-management practices or a virtual environment for Python dependencies.

What this means

Stale or incorrect local memory could lead to wrong predictions or reminders, and reminder setup can store channel and user ID data locally.

Why it was flagged

The skill intentionally uses persistent local memory as authoritative state for predictions.

Skill content

Before doing ANYTHING, read the weekly data file: memory/turnip-week.json ... update `memory/turnip-week.json` immediately

Recommendation

Check or reset the memory files if predictions look wrong, especially at the start of a new week or after reinstalling.

What this means

If reminders are enabled, messages will be sent through the user's configured messaging channels as that user or bot.

Why it was flagged

Optional reminders use existing OpenClaw messaging credentials to send messages on the user's behalf.

Skill content

Automated reminders will be sent as you, using your OpenClaw identity ... using your bot tokens or API credentials

Recommendation

Enable reminders only if you are comfortable with automated messages using your existing OpenClaw messaging setup; verify the channel and target before saving config.

Note / High Confidence

ASI10: Rogue Agents

What this means

Configured cron jobs can keep sending reminder messages until the cron entries are removed.

Why it was flagged

The cron handler performs scheduled message sending through OpenClaw using locally stored configuration.

Skill content

"$OPENCLAW_BIN" gateway call message.send --params "{\"channel\":\"$CHANNEL\",\"target\":\"$TARGET\",\"message\":\"$message\"}"

Recommendation

Review the generated cron entries before enabling reminders and remove them with crontab if you no longer want scheduled messages.