Back to skill
Skillv2.0.1
ClawScan security
Cronjob · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 10:39 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill does what it claims — a local cron-job logging/monitoring CLI that stores plain-text logs in your home directory and does not request network access or credentials.
- Guidance
- This skill appears internally consistent and implements a purely local cron logging tool. Before installing: (1) review and run the included scripts locally (they will create ~/.local/share/cronjob by default); (2) avoid writing secrets into log entries because logs are plain-text and retained locally; (3) if you prefer a different location set CRONJOB_DIR; and (4) only grant execution if you trust the BytesAgain source or after inspecting the script contents yourself. If you need networked alerting, verify or extend the tool explicitly — it currently does not perform any network I/O.
Review Dimensions
- Purpose & Capability
- okName/description match the provided artifacts: SKILL.md and the included script implement a local cronjob logging/monitoring utility. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- noteRuntime instructions and the script operate entirely on a local data dir (~/.local/share/cronjob by default). They only read/write files inside that directory and use standard unix utilities. Note: logs are stored in plain text and any sensitive strings you record will be persisted; SKILL.md warns there is no cloud sync.
- Install Mechanism
- okNo install spec; the skill is instruction-only with an included Bash script. Nothing is downloaded or installed from remote URLs during install.
- Credentials
- okThe skill declares no required environment variables, no credentials, and no config paths. The script respects CRONJOB_DIR override and otherwise uses only HOME to build a per-user data directory — appropriate for this purpose.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or cross-skill configuration. It persists only to its own data directory and does not attempt to modify system-wide settings or other skills.