Cron Doctor
PassAudited by ClawScan on May 1, 2026.
Overview
Cron Doctor is a coherent, instruction-only cron troubleshooting skill, but it asks the agent to inspect local cron configuration/logs and save a report that may contain operational details.
This skill appears safe for its stated purpose. Before using it, be aware that cron schedules and logs can reveal sensitive paths, job names, and operational details, and approve sudo/system-level inspection only when necessary.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read local cron and log information to diagnose failures.
The skill instructs the agent to run local diagnostic shell commands to inspect cron state and logs. This is expected for cron troubleshooting, but users should know the agent may interact with local system tooling.
crontab -l ... grep CRON /var/log/syslog | tail -50 ... log show --predicate 'process == "cron"' --last 1h
Use the skill only when you want the agent to inspect cron-related local state, and review commands before allowing privileged or broad log access.
If approved, the agent may view system-wide scheduled tasks, which can expose sensitive operational details.
The skill includes a sudo-based read of the system crontab. This is relevant to diagnosing system cron jobs, but it crosses from user-level inspection into privileged system-level configuration access.
sudo cat /etc/crontab
Only approve sudo or system-level cron inspection when system cron jobs are in scope for the troubleshooting request.
Cron job names, script paths, errors, and operational priorities may be saved in a local report.
The skill directs the agent to persist a health report containing failed job names, errors, last success times, priorities, and fixes. This is useful for the stated purpose but may store sensitive operational information.
Write to `~/workspace/reports/cron-health-YYYY-MM-DD.md`
Review generated reports before sharing them, and remove or redact sensitive job details if needed.