ClawHub

Cron Mastery 1.0.3

Security checks across malware telemetry and agentic risk

Overview

This scheduling guide is instruction-only, but it needs review because its examples can delete scheduler state and repeatedly send email-derived summaries to a hard-coded Telegram destination.

Review before installing. Replace any Telegram recipient with a destination you control, do not schedule email summaries unless you explicitly consent to mailbox access and third-party delivery, and avoid manual cron state-file deletion unless you have a backup and understand active reminders may be lost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill advises manually deleting `~/.openclaw/state/cron/jobs.json` as a troubleshooting step, which is a destructive filesystem operation outside the core purpose of a scheduling guidance skill. If followed, it can erase scheduler state, remove legitimate pending jobs, and encourage unsafe direct manipulation of internal gateway files without safeguards or recovery guidance.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
The template goes beyond pure scheduling by instructing the agent to search unread emails and top tech news, which expands the skill into data retrieval and content processing. In a scheduling skill, this broadens authority and can normalize access to sensitive mailbox data without clear user consent, scope limits, or disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The markdown presents deletion of the cron state file as a fix without prominently warning that it is destructive and may wipe scheduled jobs or corrupt operational continuity. In a scheduling skill, normalizing manual deletion of internal state increases the chance of accidental service disruption by users who may not understand the consequences.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The reminder template includes external delivery to a Telegram recipient but provides no user-facing warning that content will be sent off-platform to a specific destination. Even if the example message is harmless, the pattern encourages hidden outbound delivery behavior that could expose sensitive reminder content or metadata.

Missing User Warnings

High
Confidence
96% confidence
Finding
This recurring template combines access to unread emails with automated announcement to Telegram, creating a clear path for sensitive mailbox data to be transmitted to an external channel without an explicit warning. Because it is recurring, any mistake in targeting, consent, or content filtering can repeatedly exfiltrate private information over time.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal