Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cron Limited
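v1.2.0 Creates scheduled tasks that repeat a limited number of times and automatically clean themselves up after the Nth run. Supports lunar-calendar birthday reminders: lunar dates are automatically converted to solar (Gregorian) dates and then repeat every year. Use when the user needs "run every X minutes and stop automatically after N runs" or "remind me of a lunar birthday every year, N days in advance".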
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims no required binaries/env but the script and SKILL.md clearly require: openclaw CLI, Python3 with the lunarcalendar library, and jq. It also reads/writes ~/.openclaw/cron-limited, which is consistent with storing reminders but was not reflected in declared requirements. The functionality (limited-repeat cron + lunar birthday reminders) is coherent, but the metadata omission of obvious runtime dependencies is a mismatch.
Instruction Scope
SKILL.md instructs the agent to process a special message 'CRON-LIMITED-DAILY-CHECK' by reading ~/.openclaw/cron-limited/birthdays.json, computing dates (Shanghai TZ), and sending messages via openclaw agent CLI. That is within the stated purpose. Two things to watch: (1) the script creates a 'delete' cron whose message is the literal string 'openclaw cron rm <id>' — if the platform treats cron job messages as executable commands, that could cause arbitrary command execution; the docs do not clarify whether messages are executed or only delivered as text. (2) The script reads and writes user files in the home directory and expects the agent to send messages on behalf of the user—this is expected for a notifier but is sensitive behavior (it can send messages to external recipients).
Install Mechanism
No install spec is provided, yet the script calls /tmp/lunar-venv/bin/python3 and expects the lunarcalendar library. There is no step that creates or validates this virtualenv. The hard-coded /tmp/lunar-venv path is brittle and could be abused if an attacker can place a malicious python binary there. No remote downloads appear in the skill, which reduces install-time risk, but the absent setup instructions are a practical and security concern.
Credentials
The skill requests no environment variables or credentials — which is proportionate to a local reminder/cron helper. However, it implicitly requires the openclaw CLI to be able to deliver messages (and jq for JSON parsing), and those requirements were not reflected in the declared metadata. The script writes to and reads from $HOME/.openclaw/cron-limited; that's expected for configuration storage but gives the skill access to that directory.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It creates cron jobs via the openclaw cron API and writes its own config under ~/.openclaw/cron-limited, which is appropriate for its purpose. This level of persistence is expected for a scheduling skill.
What to consider before installing
This skill appears to implement the advertised features, but there are practical and security issues you should address before installing:
- Verify prerequisites: ensure Python3, lunarcalendar, jq, and the openclaw CLI are installed and trusted. The skill does not declare these in its metadata, which is an omission.
- The script calls /tmp/lunar-venv/bin/python3 but does not create or validate that venv. Either create a controlled venv at that path yourself or modify the script to use a known Python interpreter to avoid running an attacker-provided binary in /tmp.
- Understand how your OpenClaw runtime treats cron job messages: are they delivered as text only, or can they be interpreted/executed by the agent? The script sets a deletion job message to "openclaw cron rm <id>" — if messages get executed as commands, that could allow arbitrary command execution via crafted job messages. Confirm behavior and restrict who can create cron jobs.
- Inspect and control ~/.openclaw/cron-limited/birthdays.json and the recipients (channel/to). The agent will send messages on your behalf to those destinations — ensure they are correct and limited to trusted recipients.
- Consider editing the script to use a configurable python path and to explicitly create/activate its venv (or rely on system python), and to avoid embedding executable commands inside job message text unless you are certain the platform treats messages only as content.
If you cannot verify the above, treat this skill as risky. If you proceed, run it in a controlled environment first and inspect created cron jobs and the config files it writes.
