ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pilot Cron

v1.0.0

Scheduled recurring task submission. Use this skill when: 1. You need periodic task execution on a fixed schedule 2. You want automated recurring tasks witho...

0· 8·0 current·0 all-time
byCalin Teodor@teoslayer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (scheduled recurring task submission on the Pilot network) matches the instructions: scripts call pilotctl to discover peers and submit tasks. However the SKILL.md also requires 'jq' and either cron or systemd timer support but those are not declared in the openclaw metadata (only pilotctl is declared). This is a modest inconsistency in declared dependencies.
Instruction Scope
The runtime instructions are narrowly scoped to creating executable scripts, adding cron entries or systemd timers, and calling pilotctl to submit tasks. All referenced files/paths (e.g., $HOME/.pilot, /tmp/crontab.tmp, $HOME/.pilot/logs) are consistent with the stated purpose. Note: the instructions will create persistent jobs that execute network operations; inspect scripts to ensure they do only what you expect.
Install Mechanism
This is an instruction-only skill with no install spec or code to download. No on-disk installation is performed by the skill itself beyond what the instructions tell you to do (create scripts, crontab/systemd entries). That lowers the surface area.
Credentials
The skill declares no required environment variables, which is reasonable because pilotctl appears to use a local daemon/config for auth. However SKILL.md uses additional tooling (jq) and system services (cron/systemd) that were not listed in the registry metadata. There's no requirement for unrelated credentials.
Persistence & Privilege
The instructions intentionally create persistent scheduled jobs (crontab or systemd user timers) and write scripts/logs under the user's home. The skill itself is not marked always:true and does not modify other skills, but installing the recommended cron/systemd entries will cause recurring network operations under the user's account—verify you want that behavior.
Assessment
This skill appears to do what it claims: schedule scripts that call pilotctl to submit tasks. Before you install or run the provided scripts: 1) Verify pilotctl is the official binary you expect and that the local Pilot daemon and keys are trusted (pilotctl likely uses local config for auth). 2) Ensure jq is installed and available (SKILL.md uses jq but metadata doesn't declare it). 3) Inspect and test any script ($HOME/.pilot/cron-jobs/*) so they don't perform unexpected actions. 4) Be aware that adding cron or systemd timers creates persistent jobs that will run with your user privileges and perform network calls—only allow this if you trust the scripts and the Pilot network endpoints. 5) If you don't want persistent jobs, run scripts manually or in an isolated environment first. If you want a stricter assessment, provide the pilotctl implementation details or the expected auth flow (where keys are stored), and confirm whether jq/cron/systemd should be declared as required binaries.

Like a lobster shell, security has layers — review code before you run it.

latestvk97235jsj1njffm6bd8fbkb66984hyxt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspilotctl

Comments