Compute during Off-Peak Hours for Complex Jobs
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is transparent about cron and credential risk, but the packaged script already contains tasks that could run overnight under the user's account.
Do not install or schedule the included off-peak-compute.sh as-is. If you want this functionality, create a fresh empty queue, delete all bundled TASK blocks, run it in a restricted environment, approve any public/account-changing task manually, and check your crontab and logs after setup.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may unknowingly run someone else's queued work overnight.
The packaged script contains active queued tasks even though the skill is presented as a generic off-peak compute template. This creates a mismatch between user expectations and what the included script would do if scheduled.
# TASK: File GitHub issue about missing --accept-license flag in ClawHub CLI # TASK: Blog post - AI Identity and Coherent Self-Concept
Ship only an empty template, or require the user to explicitly add every task before enabling the cron job.
The user's GitHub or related account could be used to create public content they did not intend to file.
The included script would invoke an agent to perform a public/account-affecting GitHub action. That is not merely local compute scheduling and may run without real-time user confirmation.
openclaw agent --agent main --message "File a GitHub issue on the OpenClaw repo about the ClawHub CLI missing the license acceptance flag... Save the issue URL to notes/projects/github-issues/clawhub-license-flag.md"
Remove preloaded tasks and require explicit user approval before any scheduled task posts, files issues, modifies accounts, or performs external actions.
Unwanted tasks could run repeatedly overnight until the user notices and edits the script or removes the cron job.
The script is designed for repeated autonomous execution, and tasks remain active unless manually removed. With the bundled tasks present, the skill can keep performing unintended work.
# Note: Tasks are NOT auto-removed. Review and remove manually, or # they will run again the next night.
Use one-shot queues, auto-disable completed tasks, and provide clear uninstall/disable instructions for the cron entry.
Scheduled agents may use whichever credentials are available in the environment, not just credentials intended for a specific job.
The skill explicitly relies on broad access to the user's credentials and environment. That is high-impact authority, especially when scheduled tasks may interact with GitHub or other services.
Sessions can access your environment's credentials - There is no sandboxing or credential scoping
Run scheduled jobs in a restricted account or environment with only the credentials needed for the chosen task.
Personal memory files or saved context could be used in a draft or other output without the user's specific intent.
A bundled scheduled task instructs the agent to read or use persistent memory content. This is not clearly scoped to the installing user and could pull private memory material into generated outputs.
Use William's professional writing voice from MEMORY.md - long carefully balanced sentences, scholarly authority with ethical self-awareness, precise terminology.
Do not schedule tasks that read memory files unless the user has reviewed the exact memory source and output destination.