Back to skill

Security audit

cron-skills-session

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw cron helper that creates local scheduled reminders or agent turns, with persistence and gateway restart behavior that users should understand before installing.

Install this only if you want the agent to directly manage OpenClaw cron jobs, including writing ~/.openclaw/cron/jobs.json and restarting the OpenClaw gateway. Review scheduled jobs periodically and remove or disable recurring entries you no longer want.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill description says it standardizes `sessionTarget`, but the body grants much broader authority: creating, modifying, validating, and activating cron jobs. This scope expansion is dangerous because it can cause persistent system changes beyond the narrowly advertised purpose, reducing transparency and increasing the chance of unauthorized automation being installed.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest frames the skill as standardizing session targeting, but the instructions mandate OpenClaw cron as the only mechanism for any time-based automation request. That mismatch can coerce the agent into a persistent scheduling path even when the user may expect a safer or less invasive alternative, increasing the risk of unnecessary persistence and configuration changes.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Instructing the agent to run `openclaw gateway restart` adds service-control capability unrelated to merely standardizing cron target fields. Restarting a gateway can interrupt active sessions or workloads and creates an unnecessary operational impact surface if triggered automatically.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to modify `~/.openclaw/cron/jobs.json` and restart the gateway without warning the user that local configuration will be changed and services may be interrupted. This is dangerous because it removes informed consent around persistent configuration edits and operational side effects.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.