Back to skill
Skillv1.0.1
ClawScan security
Cron Doctor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 22, 2026, 10:25 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only skill whose commands and file access are consistent with diagnosing cron jobs; it asks to read system crontabs and logs and to write a local report, and does not request secrets or install code.
- Guidance
- This skill is instruction-only and appears coherent for diagnosing cron jobs. Before running it: (1) be aware it expects to read system files (crontab, /var/log/*, /etc/crontab) and may prompt for sudo to access system crontabs — only grant sudo if you trust the agent. (2) It writes reports to ~/workspace/reports; review those files if they contain sensitive output. (3) There are no network/exfiltration endpoints or required credentials in the instructions, but any agent that can execute shell commands has broad power — run it in a controlled environment or review commands before execution if you have concerns. (4) Note a minor metadata mismatch (SKILL.md version differs from registry), which looks like a bookkeeping issue, not a security problem.
Review Dimensions
- Purpose & Capability
- okName and description (cron diagnosis, triage, reporting) align with the instructions: reading crontabs and cron logs, identifying common error strings, prioritizing failures, and producing a local report.
- Instruction Scope
- noteSKILL.md instructs the agent to run shell commands that read crontabs and system logs (e.g., crontab -l, /var/log/syslog, /etc/crontab) and to write reports under ~/workspace/reports. These actions are appropriate for cron diagnosis, but they involve reading potentially sensitive local system files and may require sudo for system crontabs.
- Install Mechanism
- okNo install spec and no code files — lowest-risk instruction-only skill. Nothing is downloaded or written by an installer.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The runtime instructions reference typical system files for cron diagnostics only; they do not ask for unrelated credentials or environment secrets.
- Persistence & Privilege
- okFlags show default autonomy settings (agent invocation allowed) but not always:true; the skill does not request persistent installation or modify other skills or system-wide settings.