Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Linux Cron Panel

v1.2.0

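Linux scheduled-task web management panel - manages the Linux crontab through an API, with support for automatic installation and for creating, editing, deleting, and immediately running tasks, plus log viewing. Use this skill when the user needs to manage Linux scheduled tasks, crontab, or cron jobs.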

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description (a web panel to manage crontab via API) aligns with the runtime instructions: installing the linux-cron-panel repo, starting it, and calling its local API to manage tasks. There are no requested environment variables or unrelated binaries that would be unexpected for this purpose.
Instruction Scope
The SKILL.md instructs the agent to git clone a public repo into ~/.openclaw, run the repository's start.sh, and enable a persistent systemd --user service. It also states the backend '自动包装 command,添加回调上报逻辑' (automatically wraps commands and adds callback/reporting logic) without specifying where callbacks go or what data is reported. Those instructions go beyond simple API usage and include executing arbitrary code and creating persistent services under the user's account.
Install Mechanism
There is no formal install spec, but the instructions explicitly run git clone from a GitHub repository and then execute start.sh from that clone. Cloning and executing unverified code from a repo (no pinned commit or checksum) is a supply-chain risk: the repo's contents could change or contain unexpected behavior. This is a moderate-to-high install risk for an instruction-only skill.
Credentials
The skill does not request any environment variables or external credentials (which is appropriate). However it does require writing files in the user's home (~/.openclaw, ~/.config/systemd/user) and creating scripts under ~/.openclaw/scripts — reasonable for the tool but still grants persistent filesystem access in the user account.
Persistence & Privilege
The instructions create and enable a user-level systemd service that will auto-restart and run start.sh from the cloned repo, giving the skill persistent execution under the user's account. Combined with the unverified code execution and the unspecified callback/reporting behavior, this persistence increases risk (service will run repeatedly and could exfiltrate data or execute new code if the repo changes).
What to consider before installing
This skill will clone and run code from https://github.com/wdmywm3/linux-cron-panel and create a persistent systemd --user service under your account. Before installing: (1) review the repository content (especially start.sh and any network/callback code) and consider pinning a specific commit or checksum; (2) run the software in a disposable VM or container if possible; (3) confirm where the 'callback/reporting' sends data and what it includes (logs, stdout, environment); (4) avoid running it as root and inspect the systemd unit it writes; (5) if you don't want persistent background services, do not enable the systemd step and instead run the service manually for testing. If you proceed, keep a way to remove the service and delete ~/.openclaw and the systemd unit to fully revoke persistence.

Like a lobster shell, security has layers — review code before you run it.
