Opencron Skill Repo
by Floris Jan-Werner van der Harst · v1.2.0 · MIT-0
266 Downloads · 0 Stars · 0 Active Installs · 8 Versions
Install in OpenClaw
/install opencron
Description
Visual cron job dashboard for OpenClaw — live countdown timers, run history, calendar view
Usage Guidance
What to consider before installing:
- Audit the dashboard HTML that will be fetched (cron-dashboard.html). If that template includes external scripts or trackers, they will run with access to the embedded cron data; either vendor a local copy of the template or inspect/strip remote scripts before serving.
- The installer uses git to clone the repo but the skill metadata only lists python3 — ensure git is available and be aware the installer will clone a third‑party GitHub repository.
- The skill writes to ~/.openclaw/canvas and (if present) /app/dist/control-ui. Confirm you want a third‑party skill to modify your gateway UI directory.
- Serving the page is unauthenticated and the bridge port is exposed inside the container. Ensure network access to that port is appropriately restricted so untrusted clients cannot view embedded cron job/run data.
- If you decide to install: consider running update_canvas.py once to fetch and inspect the generated cron.html locally (or use generate.py to produce a standalone HTML), and remove or sandbox any external resources (fonts, analytics, remote scripts) in the template. Also consider pinning the template to a specific vetted commit or embedding a vetted copy of the HTML in the skill bundle to avoid unexpected changes from upstream.
Confidence notes: assessment is 'suspicious' because behavior is coherent with the described purpose, but the remote-template + embedded sensitive-data pattern and minor metadata/install mismatches increase risk. Additional evidence that would change the assessment: a vetted local copy of cron-dashboard.html bundled in the skill (no remote fetch) and an explicit declaration that the template contains no external scripts would reduce concern and could move this to 'benign.'
Capability Analysis
Type: OpenClaw Skill
Name: opencron
Version: 1.2.0
The skill implements a cron dashboard by fetching a remote HTML template from GitHub (raw.githubusercontent.com) and injecting local job data into it, which is then served via an unauthenticated HTTP server on port 18790 (serve.py) or written directly to the gateway's static UI directory (update_canvas.py). This architecture introduces a significant supply chain risk (RCE via remote template) and potential for unauthorized data exposure, as sensitive cron job details and run history are served without authentication. While these behaviors are high-risk, they appear to be functional components of the dashboard rather than intentional malware.
Capability Assessment
Purpose & Capability
The skill's declared purpose (visual cron dashboard) matches the files and runtime behavior: it reads ~/.openclaw/cron/jobs.json and runs history and serves an embedded dashboard. However there are small inconsistencies: registry metadata lists only python3 as a required binary while the provided installer (bin/install.js) calls git to clone the repo. The skill also writes into /app/dist/control-ui (gateway UI dir) which is consistent with deploying a UI but is a privileged filesystem target and should be expected/approved before use.
Instruction Scope
Runtime instructions and code explicitly read job and run files from the user's home dir and embed them into HTML served on the local bridge port; this is expected for a dashboard. The concern is that the dashboard HTML is fetched from GitHub at runtime and then served with sensitive data embedded. If that template contains third-party scripts or is changed upstream, those scripts would run in the page context and could exfiltrate window.__OPENCRON_DATA / __OPENCRON_RUNS. The SKILL.md asserts 'no client-side fetch, no auth' — which is accurate for data fetches but increases risk because any external resources referenced by the template (fonts, scripts, analytics) will be loaded by clients and could observe or transmit the embedded data.
Install Mechanism
There is no formal install spec in the registry, but the package includes bin/install.js which clones a GitHub repo and runs a Python deploy script. Cloning from GitHub is a common install mechanism; fetches of raw.githubusercontent.com are also standard. Two issues: (1) install.js invokes 'git' but git is not declared in the skill's required binaries; (2) the code will fetch remote HTML at runtime (urllib requests), so the served UI depends on content fetched over the network — if that remote content is compromised it affects this skill.
Credentials
The skill requests no credentials or environment variables and only reads expected local files (~/.openclaw/cron/jobs.json and runs/*.jsonl). That read access is proportional to the stated purpose. It does, however, write files to ~/.openclaw/canvas and optionally to /app/dist/control-ui which may require filesystem privileges; no secrets are requested by the skill itself.
Persistence & Privilege
always:false and the skill does not request elevated agent privileges, but it does run a long‑running local HTTP server on the bridge port (18790) and can install a background sync (watch_sync.sh). It also writes into the gateway UI directory (/app/dist/control-ui) if present — this modifies other components' served UI and therefore should be permitted only if you trust the skill and the template it deploys. The skill does not autonomously request additional credentials, but autonomous invocation combined with remote template fetch increases blast radius if the fetched content is malicious.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install opencron`
- After installation, invoke the skill by name or use `/opencron`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
OpenCron 1.2.0 streamlines dashboard setup and deployment.
- Simplified setup: running serve.py now fetches, embeds, and serves the updated dashboard in one step.
- Data is freshly embedded and served at /cron.html on every request—no client-side fetch needed.
- Public IP/port guidance replaced with a static localhost URL for easier access and usage.
- Scripts and documentation clarified; update_canvas.py can be run with --sync, and serve.py is the primary deployment path.
- Outdated instructions and demo details removed for a cleaner, shorter README.
v1.1.0
- Simplified dashboard deployment: single background server on the OpenClaw bridge port (18790), no proxy or token auth needed.
- Updated quick start instructions—run sync and server together; access via `http://${HOST_IP}:${OPENCLAW_BRIDGE_PORT:-18790}`.
- Removed Nginx proxy and token gateway details from docs.
- Clarified after-run instructions: always print the resolved dashboard link on the bridge port as last line.
- Updated `serve.py` references to reflect its new usage as the main dashboard server.
v1.0.5
- Improved Quick Start and dashboard link instructions to auto-detect nginx proxy presence, providing the correct URL for both proxy and direct gateway access.
- Updated "After Every Cron Job Run" guidance to recommend probing the proxy first and falling back to gateway path, ensuring users always get a working dashboard link.
- Clarified nginx proxy section; emphasized its optional nature and provided clearer instructions for non-Docker or proxy-less setups.
- No changes to code or features—documentation update only.
v1.0.4
**Changelog for opencron 1.0.4**
- Documentation now instructs users to always use the nginx proxy port for dashboard access; gateway port is no longer suggested for browser use.
- Updated all example URLs and scripts to consistently reference the nginx proxy port (`${CANVAS_PORT:-8090}`) and path `/cron.html`.
- Revised after-cron-job guidance to remove gateway fallback, clarifying connection requirements and browser compatibility.
- Improved Docker Compose example for external access: now uses `0.0.0.0` binding by default.
- Refined instructions to discourage use of inaccessible internal IPs and to ensure variable resolution in output.
v1.0.3
- Improved dashboard URL and detection logic: the port and path are now auto-detected based on actual availability, with a fallback to the gateway route for reliability.
- Quick Start and "After Every Cron Job Run" instructions updated to use new detection method for dashboard access.
- Clarified the order of dashboard access: nginx proxy is tried first, gateway path as fallback.
- Minor wording and formatting adjustments for clarity.
v1.0.2
- Improved dashboard launch instructions to auto-detect whether nginx proxy or gateway port should be used, falling back from `${CANVAS_PORT:-8090}` to 18789 if needed.
- Updated all references and examples to use the new port detection method for generating dashboard URLs.
- Clarified instructions to help avoid using internal IPs and ensure that all displayed links are externally accessible.
- No other changes to features or functionality.
v1.0.1
- Updated dashboard access instructions to emphasize using the nginx proxy port (`${CANVAS_PORT:-8090}`) instead of the gateway port.
- Clarified that the public IP should be determined using `curl -s ifconfig.me`, not `hostname -I`, for external accessibility.
- Revised sample URLs and guidance to ensure accurate, user-facing dashboard links after cron job execution.
- Added explicit rules to avoid placeholders and internal container IPs in generated output.
v1.0.0
OpenCron 1.0.0 — Initial Release
- Launches a visual dashboard for OpenClaw cron jobs featuring live countdown timers, run history, and calendar view.
- Dashboard auto-refreshes every 30 seconds and displays detailed info for each job, including output summaries and token usage.
- Provides secure access via gateway token authentication and supports responsive, neon-accented UI with accessibility features.
- Includes scripts for deployment, sync, HTML generation, and local serving.
- Offers production-ready nginx configuration for external access with security best practices.
- Demo mode available with mock data in `demo.html`.
Frequently Asked Questions
What is Opencron Skill Repo?
Visual cron job dashboard for OpenClaw — live countdown timers, run history, calendar view. It is an AI Agent Skill for Claude Code / OpenClaw, with 266 downloads so far.
How do I install Opencron Skill Repo?
Run "/install opencron" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Opencron Skill Repo free?
Yes, Opencron Skill Repo is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Opencron Skill Repo support?
Opencron Skill Repo is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Opencron Skill Repo?
It is built and maintained by Floris Jan-Werner van der Harst (@firstfloris); the current version is v1.2.0.