Node Cron
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: node-cron Version: 1.0.0 The skill bundle provides standard documentation and usage examples for the legitimate 'cron' npm package. It includes clear instructions on scheduling tasks, API references, and migration guides (SKILL.md, api_reference.md) without any signs of malicious intent, data exfiltration, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package adds third-party code to the user's project.
The skill directs users to install a third-party npm package, which is expected for a Node.js cron reference but still introduces ordinary dependency provenance and version-pinning considerations.
Use the `cron` npm package (`npm install cron`)
Install from the official npm registry, pin an approved version in package.json or a lockfile, and review/audit dependencies according to the project's normal process.
A scheduled callback could repeatedly perform whatever work the user puts in it, such as sending reports or processing data.
The example creates a recurring job that starts automatically. This is the stated purpose of the skill, but recurring callbacks can continue to act until the application stops them.
cronTime: '0 0 9 * * 1', // 9am every Monday onTick: () => sendReport(), start: true
Use `start`, `stop`, `waitForCompletion`, and error handling deliberately, and avoid scheduling high-impact actions unless the user has explicitly approved the behavior.