ClawHub

Cron Delivery Fix

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This cron repair skill is purpose-related, but its scripts can automatically rewrite many scheduled-job delivery settings to fixed destinations without enough safeguards.

Review carefully before installing. Only use this in an environment where you are prepared for the skill to modify OpenClaw cron jobs, and do not run the fix scripts until the destination channel, recipient, and account values are replaced with your intended values and you have exported or backed up existing cron configuration.

SkillSpector (6)

By NVIDIA

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to run shell scripts and CLI commands, but it declares no corresponding permissions. That mismatch can cause the platform to under-enforce execution boundaries and prevents proper user review of what the skill is capable of doing. In a security-sensitive environment, undeclared shell capability increases the risk of unintended command execution against cron configuration.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script enumerates all cron jobs and bulk-edits any job matching broad heuristics, which exceeds a narrowly scoped delivery-troubleshooting task and creates a mass-change primitive. In this skill context, that is especially dangerous because a troubleshooting tool should target specific failing jobs, not rewrite platform-wide scheduling configuration; a mistaken rule or malicious default can silently alter many unrelated jobs at once.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The script hard-codes a global channel, recipient, and account ID, then applies those values to jobs in announce mode regardless of each job's original owner or destination. In a delivery-fix skill, this is far more dangerous than generic misconfiguration because it can reroute notifications/messages from all affected cron jobs to a fixed external endpoint, enabling data exfiltration or unauthorized message redirection.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
For some jobs the script sets '--no-deliver', which disables delivery entirely even though the stated purpose is to fix failed delivery. In context, this can silently suppress scheduled notifications/messages and create denial of service for legitimate cron outputs, making outages worse while appearing to be a repair action.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script unconditionally rewrites any specified job to a hard-coded recipient and account, which goes beyond repairing malformed delivery settings and can redirect scheduled output to the wrong destination. In this skill context, that is especially dangerous because it operates on cron delivery for OpenClaw jobs, so a user invoking a 'fix' could silently reroute notifications or data to an unrelated mailbox/account and cause disclosure or operational disruption.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script performs bulk cron edits immediately and then runs a follow-up diagnosis without any confirmation, dry-run preview, or transactional safeguard. In this skill context, the lack of user confirmation materially increases risk because the script modifies scheduled job behavior at scale, so operator mistakes or bad heuristics can cause broad unintended changes before anyone reviews them.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal