ClawHub

Cron Job Token Auditor

v1.0.0

Audits OpenClaw Gateway cron jobs from jobs.json (or CLI), classifies scheduled workloads by token cost (agent turns vs deterministic work), and suggests whe...

0· 56·0 current·0 all-time
by@x3r081
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the skill only needs to read jobs.json or use the OpenClaw CLI to classify scheduled jobs and recommend script-based migrations. No unrelated binaries, services, or credentials are requested.
Instruction Scope
SKILL.md confines itself to reading job definitions (jobs.json or openclaw cron), heuristics for classification, redaction of secrets, and producing a report. It explicitly forbids editing jobs.json or system units unless the user requests drafts; it does not instruct the agent to read other system files or exfiltrate data to external endpoints.
Install Mechanism
There is no install spec and no code files—this is documentation-only. Nothing is downloaded, written, or executed by the skill itself, minimizing install-time risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The operations described (reading jobs.json or invoking the OpenClaw CLI) align with the skill's stated purpose and do not request excessive permissions.
Persistence & Privilege
always:false and normal autonomous invocation are appropriate. The skill does not request permanent system changes or to modify other skills/configs; SKILL.md explicitly forbids automatic edits.
Assessment
This is a read-only advisory skill and appears coherent: it will examine jobs.json or use the OpenClaw CLI to produce audit reports and migration suggestions. Before installing, confirm that the agent will only be given access to the job definitions you want it to see (do not upload secrets or API keys). If you paste job JSON for review, redact any inline tokens/IDs you don't want exposed. Remember the agent could be invoked autonomously by default—if you prefer manual invocation, keep using it only on demand. If you need higher assurance, request the skill author to publish a minimal CHANGELOG or sign-off, but functionally the skill is proportionate to its purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ehaxsk6em4vg7jqe5vkc1eh84pk2d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments