ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cron Tool

v1.0.0

Perform cron-tool operations from the command line.

0· 40·0 current·0 all-time
byBIN@dinghaibin

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dinghaibin/cron-tool.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Cron Tool" (dinghaibin/cron-tool) from ClawHub.
Skill page: https://clawhub.ai/dinghaibin/cron-tool
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cron-tool

ClawHub CLI

Package manager switcher

npx clawhub@latest install cron-tool
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The code implements a cron management CLI that reads and writes the user's crontab via the system crontab command. That capability matches the name/description, but the skill metadata declares no required binaries or config paths while the script depends on the 'crontab' binary and a writable user crontab. The omission of this dependency is an incoherence that could mislead users/installers.
!
Instruction Scope
SKILL.md is a simple CLI usage doc and stays scoped, but the included script performs sensitive operations: it reads and replaces the user's crontab, writes backup files, and launches an editor. More importantly, remove_cron has a logic bug: when removing by line number it pops the line from the in-memory list but then writes new_content from a different (still-empty) list, which will likely overwrite the crontab with an empty file — i.e., destructive data loss. There is minimal confirmation for destructive actions (only restore prompts).
Install Mechanism
No install spec (instruction-only + included script). Nothing is downloaded or installed by the manifest itself. Risk comes from the script's runtime behavior rather than an installer.
Credentials
No required environment variables are declared, and none are necessary for basic operation. The script does consult EDITOR via os.environ.get('EDITOR') to pick an editor — that's reasonable but not declared in metadata. No secrets or external service credentials are requested.
Persistence & Privilege
The skill does not request persistent/always-on privileges. However it performs privileged local actions in the sense of modifying the current user's crontab; if run by a privileged user it can alter scheduled jobs systemically. Autonomous invocation is allowed by default (not flagged here) — combine that with the destructive bug and it increases risk if the agent runs the skill without human oversight.
What to consider before installing
This skill is a cron-management CLI and mostly matches its description, but do not install or run it on important systems without inspection and testing. Specific concerns: (1) The script depends on the system 'crontab' command but the skill metadata doesn't declare that — confirm 'crontab' is present. (2) The remove-by-line-number implementation appears buggy and can result in overwriting your crontab with an empty file (data loss). (3) The tool can modify your crontab (and if run as an elevated user could affect critical jobs). Recommended steps before using: review and fix the remove_cron logic (ensure the new crontab is correctly reconstructed), add safety confirmations for destructive operations, backup your crontab (crontab -l > backup) and test in a non-production account or container, and update the skill metadata to declare the crontab dependency and note EDITOR usage. If you lack the ability to audit/fix the code, avoid installing it on systems where losing scheduled jobs would be harmful.

Like a lobster shell, security has layers — review code before you run it.

latestvk970xntfy8pvywqe67tcb02ma585m4y9
40downloads
0stars
1versions
Updated 13h ago
v1.0.0
MIT-0
BIN@dinghaibin
latest
Download

Cron - CLI Utility

Command-line utility for cron operations.

Quick Start

cron-tool --help

Features

  • Standard command-line interface
  • Common flags and arguments
  • Pipe and redirect compatible
  • Shell integration

Examples

# Show help
cron-tool --help

# Basic usage
cron-tool [options] [arguments]

# Pipe input
echo "input" | cron-tool [options]

Comments

Loading comments...