Skill v1.0.0
ClawScan security
Drink Water Reminder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 3, 2026, 5:33 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (creating/removing OpenClaw cron jobs) matches its description, but the package omits required runtime dependencies (openclaw CLI and node) and the manifest/instructions are inconsistent about what is needed.
- Guidance: This skill appears to do what it says (manage an OpenClaw cron job that announces 'drink-water-reminder'), but the package omits two runtime requirements: the openclaw CLI and node (used for JSON parsing). Before installing or running: 1) verify you have a trusted openclaw CLI installed and authenticated (cron commands will run under that CLI). 2) Ensure Node is available on PATH. 3) Inspect the scripts locally (they are short and understandable) and test them in a safe environment to confirm announcements and cron entries behave as you expect. If you want to proceed in production, ask the publisher to update the manifest to declare required binaries or provide an install spec so there are no surprises.
Review Dimensions
- Purpose & Capability (concern): The scripts implement exactly the advertised functionality (add/list/remove a cron named 'drink-water-reminder' via the OpenClaw CLI). However the skill declares no required binaries or environment variables even though the scripts invoke the openclaw CLI and 'node'. The missing dependency declaration is an incoherence and could cause unexpected failures or hide required privileges.
- Instruction Scope (note): SKILL.md instructs running the included bash scripts and does not ask for broader system access, sensitive files, or external endpoints. The scripts only parse openclaw cron JSON and call openclaw cron add/rm/list. They do use 'node -e' for JSON parsing (safe in context) and operate only on cron jobs named 'drink-water-reminder'. Still, SKILL.md does not mention the need for the openclaw CLI or Node, which is an omission.
- Install Mechanism (ok): There is no install spec (instruction-only plus included scripts). Nothing is downloaded from external URLs and no archive extraction occurs. This minimizes install-time risk.
- Credentials (ok): The skill does not request credentials or environment variables and the scripts do not read secrets. The only implicit requirement is that the operator's OpenClaw CLI be authenticated/available, which is reasonable for modifying OpenClaw cron jobs.
- Persistence & Privilege (ok): The skill does not request 'always: true' or elevated platform privileges. It adds/removes jobs in the OpenClaw cron system (its stated purpose). The add script uses '--session isolated' which limits session exposure.
