Security audit

Linux Cron Panel

Security checks across malware telemetry and agentic risk

Overview

The skill matches its cron-management purpose, but it installs a persistent unpinned local service that can create, delete, and immediately run scheduled shell commands.

Install only if you trust the upstream GitHub project and want a persistent local service that can manage your crontab. Review the code first, pin a trusted version if possible, confirm every create/edit/delete/run action, and disable the systemd service when you no longer need it.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
High
What this means

Installing the skill can execute code from a remote repository under the user's account, and later repository changes could affect what gets installed.

Why it was flagged

The setup clones the repository's current default state and runs its start script, but the reviewed artifact set contains no pinned version, checksum, lockfile, or bundled service code.

Skill content
git clone https://github.com/wdmywm3/linux-cron-panel.git "$HOME/.openclaw/linux-cron-panel" ... ExecStart=bash start.sh
Recommendation

Review the upstream repository before installing, pin to a trusted release or commit, and prefer a declared install spec with integrity checks.

ASI02: Tool Misuse and Exploitation
High
What this means

A mistaken or overly broad agent action could run commands on the local machine, modify the user's crontab, or remove existing scheduled jobs.

Why it was flagged

The API can create arbitrary scheduled commands, delete tasks, and run tasks immediately, but the instructions do not define confirmation, scoping, or rollback requirements for these high-impact operations.

Skill content
POST http://127.0.0.1:5002/api/tasks ... "command": "/path/to/script.sh" ... DELETE http://127.0.0.1:5002/api/tasks/{id} ... POST http://127.0.0.1:5002/api/tasks/{id}/run
Recommendation

Require explicit user approval before create/edit/delete/run actions, restrict commands to user-approved script paths, and show the exact cron change before applying it.

ASI10: Rogue Agents
Medium
What this means

The cron-management service can remain active after the user's immediate request is complete, continuing to expose local task-management capability.

Why it was flagged

The installation creates a persistent user systemd service that restarts automatically and is enabled immediately, with no matching uninstall or disable instructions shown.

Skill content
Restart=always ... systemctl --user enable --now linux-cron-panel
Recommendation

Provide clear stop, disable, and uninstall steps, and ask the user before enabling a persistent background service.