ClawHub

OpenClaw Cron Setup

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for configuring OpenClaw scheduled tasks, with disclosed but privacy-sensitive delivery options.

Install only if you want OpenClaw to configure persistent scheduled tasks. Review every job's prompt, schedule, retention, and delivery mode before enabling it; use delivery mode none for private tasks, and avoid sending secrets, personal data, health data, or business-sensitive summaries to chat channels or webhooks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents a `webhook` delivery mode that sends task output to an external HTTP endpoint, but it provides no warning about data exfiltration, trust boundaries, or the sensitivity of scheduled task results. In this skill’s context, cron jobs may run autonomously and process emails, calendars, health data, or other private content, so silent support for external POST delivery materially increases the chance of unintended disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation states that omitting `delivery` defaults to `announce`, which can automatically send task results to a chat channel and summarize them into the main session without any cautionary notice. Because this scheduler supports unattended background execution, a permissive default can leak sensitive outputs to messaging destinations users did not explicitly intend to use.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal