Skylv Smart Task Scheduler
WarnAudited by ClawScan on May 10, 2026.
Overview
This is a disclosed scheduler, but it can automatically run arbitrary shell commands from task files, including account-publishing commands, so it needs careful review before use.
Review every task file before running this skill, especially with `run`, `now`, or `watch`. Treat task files as executable code: they can run shell commands with your current user privileges and may use your logged-in CLI accounts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A task file can run arbitrary commands on the user’s machine, potentially changing files, running programs, or acting on logged-in services.
The scheduler executes the `command` field from a task file directly through the shell, with no allowlist, confirmation step, or command-scope restriction shown.
const out = execSync(action.command, opts);
Only run trusted task files. Add explicit user approval for high-impact commands, restrict allowed commands or directories, and provide a dry-run/list mode before execution.
Once started, commands can keep running repeatedly in the background-like scheduler loop, which could amplify mistakes or unwanted account actions.
The `watch` command keeps a daemon-style loop running every 30 seconds and executes due tasks until the user interrupts it.
const id = setInterval(tick, interval);
Use `watch` only with reviewed task files, add clear stop/status controls, and consider max-run, backoff, and confirmation safeguards for sensitive tasks.
A configured task could publish or mutate account-backed resources without a fresh review at execution time.
The documentation shows scheduled publishing through a CLI command, which may act using the user’s existing authenticated account or local credentials.
"action": { "command": "clawhub publish . --slug skylv-x --version 1.0.0" }Use least-privilege credentials, review publishing commands carefully, and avoid scheduling account-mutating actions unless the trigger and output are tightly controlled.