Node Cron
PassAudited by ClawScan on May 6, 2026.
Overview
This is a coherent instruction-only reference for using the Node.js cron package, with expected cautions around installing a third-party npm package and creating recurring jobs.
This skill appears safe as a documentation aid. Before using it in a real project, verify the `cron` package source, pin the dependency version, and make sure any scheduled callbacks are intentional, bounded, and easy to stop.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package adds third-party code to the user's project.
The skill directs users to install a third-party npm package, which is expected for a Node.js cron reference but still introduces ordinary dependency provenance and version-pinning considerations.
Use the `cron` npm package (`npm install cron`)
Install from the official npm registry, pin an approved version in package.json or a lockfile, and review/audit dependencies according to the project's normal process.
A scheduled callback could repeatedly perform whatever work the user puts in it, such as sending reports or processing data.
The example creates a recurring job that starts automatically. This is the stated purpose of the skill, but recurring callbacks can continue to act until the application stops them.
cronTime: '0 0 9 * * 1', // 9am every Monday onTick: () => sendReport(), start: true
Use `start`, `stop`, `waitForCompletion`, and error handling deliberately, and avoid scheduling high-impact actions unless the user has explicitly approved the behavior.