EZ Cronjob
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If allowed, the agent may run local `clawdbot cron` commands that change scheduled jobs or restart related services.
The skill directs the agent to use a general command-execution tool for cron management. This is disclosed and aligned with the deadlock workaround, but shell execution is broader than a scoped cron tool.
"Never use the `cron` tool directly. Use `exec` (or `bash`) instead" and "always use the exec/bash tool to run `clawdbot cron` commands."
Approve shell commands only after checking the job name, schedule, timezone, recipient, and that the command is limited to the intended `clawdbot cron` or diagnostic operation.
A mistakenly configured job could keep sending messages at the wrong time, to the wrong chat, or with the wrong prompt until removed.
The recommended workflow creates scheduled jobs that can continue running and deliver future messages. That persistence is the skill's purpose, but it affects ongoing agent behavior.
`clawdbot cron add ... --cron "0 9 * * 1-5" ... --deliver --channel telegram --to "CHAT_ID" --best-effort-deliver`
After creating or changing a job, list and verify active cron jobs and keep the job ID so it can be edited or removed.
Sensitive conversation details or chat IDs in logs could be exposed to the agent session during troubleshooting.
The troubleshooting steps read local bot and gateway logs into the agent's context. Logs can contain message text, chat identifiers, errors, or operational details.
`tail -100 /tmp/clawdbot/clawdbot-$(date +%Y-%m-%d).log | grep -i cron` and `tail -50 ~/.clawdbot/logs/gateway.err.log`
Review or redact log output before sharing it, and avoid including secrets, tokens, or unrelated private messages in the diagnostic context.