ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Reminder OC Cron Based

v0.1.0

Create, inspect, and cancel OpenClaw cron-based chat reminders. Use when the user asks for a reminder at a specific time or after a delay, wants to list pend...

0· 37·0 current·0 all-time
by@anghu666

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for anghu666/reminder-oc-cron-based.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Reminder OC Cron Based" (anghu666/reminder-oc-cron-based) from ClawHub.
Skill page: https://clawhub.ai/anghu666/reminder-oc-cron-based
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install reminder-oc-cron-based

ClawHub CLI

Package manager switcher

npx clawhub@latest install reminder-oc-cron-based
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description (create/inspect/cancel OpenClaw cron reminders) aligns with the helper script and SKILL.md. However, the skill registry declares no required environment variables or credentials while the helper script expects several OPENCLAW_REMINDER_* env vars and an OPENCLAW_BIN override. Those env vars are material to the skill's operation but are not declared in metadata, which is an inconsistency.
!
Instruction Scope
SKILL.md instructs the agent to prefer native cron and uses the helper only as optional convenience. The helper script itself interacts only with the OpenClaw CLI (no unrelated files), lists and filters jobs, and creates/removes jobs. The problem is SKILL.md does not document the helper's dependency on specific environment variables (OPENCLAW_REMINDER_CHANNEL/TO/ACCOUNT, OPENCLAW_REMINDER_TZ) nor that OPENCLAW_BIN can be overridden — leaving room for unexpected behavior if those env vars are present or manipulated.
Install Mechanism
No install spec; this is instruction-plus-script only. That lowers supply-chain risk because nothing is downloaded or written during install. The helper is a local Python script that will run only if invoked.
!
Credentials
Registry metadata lists no required env vars, but the script reads OPENCLAW_BIN, OPENCLAW_REMINDER_TZ, and (for create) OPENCLAW_REMINDER_CHANNEL, OPENCLAW_REMINDER_TO, OPENCLAW_REMINDER_ACCOUNT. Those environment variables are necessary for operation in some modes and should have been declared. In particular, OPENCLAW_BIN defaults to "openclaw" but can be set to any path; if an attacker or misconfigured environment supplies a malicious binary path, invoking the helper could execute arbitrary commands. The number and naming of these env vars is disproportionate to what the registry claims.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide modifications. The helper only calls the OpenClaw CLI and does not modify other skills or global configs itself.
What to consider before installing
This skill appears to do what it says, but check these before installing or running the helper script: - Ask the publisher to declare the environment variables the helper needs (OPENCLAW_BIN, OPENCLAW_REMINDER_TZ, OPENCLAW_REMINDER_CHANNEL, OPENCLAW_REMINDER_TO, OPENCLAW_REMINDER_ACCOUNT) in the registry metadata so you know what will be read. - Verify the OPENCLAW_BIN value in your environment (and in any environment where the skill will run). If OPENCLAW_BIN can be set by an untrusted actor, an attacker could make the helper execute an arbitrary binary. - Only run the helper script in trusted environments where the OpenClaw CLI is installed and you control environment variables. Prefer the native cron workflow recommended in SKILL.md if portability or stronger isolation is required. - Review the exact openclaw commands the helper will run (listed in the script) and confirm your OpenClaw CLI’s behavior/permissions, since the script invokes add/list/remove operations. - If you need stronger assurance, request the author to (a) declare required env vars in metadata, (b) avoid allowing OPENCLAW_BIN overrides or validate its path, and (c) document expected CLI outputs/versions. Given these inconsistencies, proceed cautiously; the issues look like sloppy metadata/documentation rather than explicit malice, but they create a meaningful risk surface.

Like a lobster shell, security has layers — review code before you run it.

latestvk975b8w1gmmtg5nzf1h3w0px0x85jcyk
37downloads
0stars
1versions
Updated 1d ago
v0.1.0
MIT-0
@anghu666
latest
Download

OpenClaw Reminder

Use OpenClaw's native cron tool as the primary way to create and manage chat reminders. The bundled scripts/reminder_cron.py helper is optional and should be treated as a convenience layer, not the core contract of the skill.

Use this skill for

  • creating a one-time reminder
  • listing pending reminder jobs
  • reviewing reminders due soon
  • checking overdue reminder jobs that still exist
  • canceling an unexecuted reminder

Do not use this skill for

  • calendar event management
  • third-party reminder services
  • recurring habits unless the user explicitly wants a recurring cron reminder

Core workflow

  1. For a new reminder, create a one-shot cron job with schedule.kind="at", payload.kind="systemEvent", and reminder text that will still make sense when it fires later.
  2. Name reminder jobs with a stable reminder: prefix so they can be found and managed later.
  3. Set deleteAfterRun=true for ordinary one-time reminders.
  4. When the reminder must return to the same chat, include explicit delivery routing only when the active channel requires it.
  5. To inspect reminders, list cron jobs and filter reminder jobs by name and schedule.
  6. To cancel a reminder that has not fired yet, identify the correct reminder job first, then remove only that job.

Native cron tool examples

Create a one-time reminder:

{
  "name": "reminder:doctor-appointment",
  "schedule": {
    "kind": "at",
    "at": "2026-04-26T14:00:00+08:00"
  },
  "payload": {
    "kind": "systemEvent",
    "text": "Reminder: leave now for your appointment."
  },
  "delivery": {
    "mode": "announce"
  },
  "deleteAfterRun": true
}

Inspect reminders:

  • list cron jobs and filter jobs whose names start with reminder:
  • for due-soon views, compare schedule times against the requested window
  • for overdue views, show reminder jobs whose scheduled time has already passed but still exist

Cancel a reminder:

  • find the intended reminder: job first
  • remove only the confirmed target job

Optional helper script

Use scripts/reminder_cron.py only when a local CLI helper is actually useful in the current environment. This helper is primarily suited to environments where the OpenClaw CLI is available and the active reminder route is backed by a supported chat channel plugin with explicit delivery fields. Treat it as an environment-dependent convenience layer, not as a guaranteed cross-channel or cross-version contract; in other environments, it may require adjustment or may not work directly.

python3 scripts/reminder_cron.py create --title "Doctor appointment" --at "2026-04-26 14:00" --tz UTC --channel <channel> --to <target> --account <account>
python3 scripts/reminder_cron.py pending
python3 scripts/reminder_cron.py upcoming --days 3
python3 scripts/reminder_cron.py overdue
python3 scripts/reminder_cron.py delete --id <job_id>

Delivery guidance

  • Include enough context in the reminder text so it still makes sense when it fires later.
  • If the user gave no timezone, use the user's configured timezone when available; otherwise prefer a neutral default such as UTC.
  • Use delivery.mode="announce" when the reminder should post back to chat.
  • If the channel requires explicit routing, include the live target fields such as delivery.channel, delivery.to, and delivery.accountId.
  • Prefer native tool workflows over shell CLI assumptions when both are available.
  • Use reminder-style text with payload.kind="systemEvent" when the reminder should wake the main session with reminder text instead of launching an unrelated isolated task.

Notes

  • This skill manages only reminder jobs, preferably those whose names start with reminder:.
  • For short-lived personal reminders, keep titles concise and messages explicit.
  • When a cancellation request is ambiguous, list candidate reminder jobs and confirm which one to remove before deleting anything.
  • Treat the helper script as optional packaging convenience; the portable contract of this skill is the native cron workflow.
  • The helper may rely on CLI availability, channel-specific delivery rules, and environment-specific routing behavior, so prefer the native workflow whenever portability matters.

Comments

Loading comments...