Cron Scheduler
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or mistaken line-number argument could alter more of the crontab than intended or run unintended sed-supported actions.
The remove-by-line value is inserted directly into a sed program instead of being validated as a number; crafted input can change the sed script, and on some sed implementations may trigger behavior beyond simple line deletion.
echo "$current_crontab" | sed -n "H;1h;\$!d;x;s/^[0-9]*[ \t]*//;${value}d" > "$temp_file"Validate line numbers with a strict numeric check and use a safer deletion method, with a preview and confirmation before applying changes.
A scheduled command may keep running in the background long after the user or agent interaction ends.
The add path writes an arbitrary command into the user's crontab, creating recurring execution that persists after the immediate task.
echo "$schedule $command" >> "$temp_file" ... crontab "$temp_file"
Only add cron jobs after reviewing the exact command and schedule; prefer explicit confirmation, labels/comments, and a backup before changes.
A mistaken pattern could delete important scheduled jobs and disrupt backups, syncs, monitoring, or other automation.
The remove-by-pattern path rewrites the crontab based on a user-supplied pattern; a broad regex can remove multiple jobs, and the shown code does not include a preview or confirmation.
echo "$current_crontab" | grep -v "$value" > "$temp_file" ... crontab "$temp_file"
List jobs first, back up manually, and require a preview/confirmation before pattern-based removal.
Approving sudo prompts can affect system-wide cron behavior, including other scheduled tasks.
Service management uses sudo to start or stop the system cron daemon. This is disclosed and purpose-aligned, but it crosses a privilege boundary.
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.cron.plist ... sudo systemctl start cron ... sudo systemctl stop cron
Approve sudo service actions only when you explicitly intend to start or stop the cron daemon.
You may be less cautious about destructive changes if you assume automatic rollback is guaranteed.
The safety claim is not clearly backed by the shown add/remove implementation, where crontab changes are installed directly; users may rely on an automatic backup that is not evident in the provided code excerpt.
- Backup created before any destructive operations
Treat backups as manual unless the implementation is updated or verified; run the backup command before add/remove/restore operations.