Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

To-Do

v1.0.3

Give your AI the power to act in the future. Schedule delayed prompts and one-off reminders that automatically wake the agent up at an exact moment to execut...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, required binary (node), and the two env vars (OPENCLAW_BIN, OPENCLAW_TZ) align with a scheduler that calls the OpenClaw agent at a future time. The script uses OS schedulers ('at' / 'schtasks') and invokes the openclaw binary to deliver messages, which is expected for this functionality.
Instruction Scope
SKILL.md explicitly instructs careful sanitization (no shell metacharacters, only raw alphanumeric values for user_id/channel) and asks that scheduled instructions be fully self-contained. However, the code does not enforce those constraints: userId and channel are interpolated into shell commands without validation or escaping in either the POSIX or the Windows flow. The skill therefore relies on callers behaving well rather than on safe code, which increases the risk of command injection or of scheduling malicious or overly privileged actions. The skill also encourages including exact file paths and tool names in scheduled instructions — reasonable for clarity, but it increases the chance of scheduling sensitive operations.
Install Mechanism
No install spec (instruction-only with provided JS file). Required runtime is node; no external downloads or archive extraction. Low install risk.
Credentials
Only OPENCLAW_BIN and OPENCLAW_TZ are required, which is proportionate for a scheduler that must call a local openclaw binary and interpret the user's timezone. However, OPENCLAW_BIN points to a binary that will be executed later; if that binary is untrusted or has broad privileges, scheduled tasks can later trigger powerful actions. The skill does not request other secrets or credentials.
Persistence & Privilege
The always flag is false (normal). The skill writes nothing itself but creates OS scheduler entries (at/schtasks) that persist and will run the openclaw agent at the scheduled times. That persistence is appropriate for a scheduler but increases the blast radius, because the tasks run autonomously later; combined with the command-construction issues, this is a significant concern.
What to consider before installing
This skill generally does what it says — it schedules the OpenClaw agent to run later — but it currently trusts callers to avoid dangerous inputs instead of enforcing safety. Before installing:
1) Confirm OPENCLAW_BIN points to a trusted, least-privileged OpenClaw binary.
2) Review or modify to-do.js to avoid shell-based exec interpolation (use spawn/execFile with argument arrays, or strictly validate/sanitize userId, channel, and task content).
3) Test scheduling in a non-production environment to confirm that no command-injection paths exist (try attacker-style inputs).
4) Prefer restricting scheduled messages to non-sensitive content, and avoid embedding secrets or write-access file paths in scheduled instructions.
If you want higher assurance, ask the author to add input validation and move the exec usage to a safer API; that change would raise confidence from medium to high.


Tags: automation, latest, linux, productivity, reminder, to-do, windows


Runtime requirements

Clawdis
Bins: node
Env: OPENCLAW_BIN, OPENCLAW_TZ
