Back to skill
Skillv0.1.0
ClawScan security
OpenClaw Cron Replay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 21, 2026, 7:31 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only, local-debugging helper that stays consistent with its stated purpose and does not request extra credentials, installs, or network access.
- Guidance
- This skill is instruction-only and appears coherent: only install and run it if you control or have audited the local openclaw-cron-replay binary. Do not run the replay tool as root unless necessary, inspect any job/result/config files for embedded secrets before opening them, and avoid following any remote-install instructions (the SKILL.md explicitly discourages that). If you need higher assurance, review the upstream repository at the provided GitHub link before use.
Review Dimensions
- Purpose & Capability
- okName/description, SKILL.md, and skill.json all describe a local replay/debug tool and the only prerequisite is a trusted local 'openclaw-cron-replay' binary; nothing asked for (env vars, unrelated binaries, remote installs) is out of scope.
- Instruction Scope
- okRuntime instructions only tell the agent/operator to run a local binary against local job/result/config files and include sensible warnings (inspect files for secrets, avoid root, prefer audited installs). The referenced paths (e.g., /root/.openclaw/cron/jobs.json) are plausible for cron artifacts and are relevant to the task.
- Install Mechanism
- okThere is no install spec and SKILL.md explicitly discourages remote installs; the skill is instruction-only so nothing is written to disk by the skill itself.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths beyond asking the operator to point the local binary at local artifact files — which is proportional for a replay/debug tool.
- Persistence & Privilege
- okThe skill is not always-enabled, does not request privilege escalation, and does not attempt to modify other skills or system-wide settings.