Cron Helper

Type: OpenClaw Skill Name: cron-expression-helper Version: 1.0.0 The skill provides tools for managing cron expressions but contains several security vulnerabilities. Specifically, `scripts/create_cron.py` allows writing output to a user-specified filename without path sanitization, which could lead to arbitrary file write or path traversal attacks. Additionally, `scripts/simple_test.py` and `scripts/test_skill.py` use `subprocess.run` with `shell=True` to execute commands, posing a shell injection risk if the input were ever influenced by untrusted data. No evidence of intentional malice or data exfiltration was found.