Opencron Skill Repo
by Floris Jan-Werner van der Harst · v1.0.1 · MIT-0
214 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install opencron-skill-repo
Description
Visual cron job dashboard for OpenClaw — live countdown timers, run history, calendar view
Usage Guidance
This skill appears to implement the dashboard it describes, but there are clear inconsistencies and a real risk of leaking your gateway token. Things to consider before installing:
- The SKILL.md and scripts use OPENCLAW_GATEWAY_TOKEN and CANVAS_PORT but the registry metadata does not declare these env vars — confirm where that token comes from and whether you are comfortable it will be placed into URLs.
- The instructions explicitly tell the agent to build a public URL containing the gateway token and to fetch the public IP via an external service (ifconfig.me). Embedding a token in a query string makes it visible to anyone who can see logs, browser history, reverse proxies, or referer headers — avoid this unless the token is disposable or you control access carefully.
- The included installer runs git (not declared) and executes Python scripts that read files under ~/.openclaw. Only install from a source you trust; review the repo contents locally before running the installer.
- If you want this functionality but not the token-exposure behavior: modify update_canvas.py / SKILL.md to avoid putting the gateway token in client-side URLs. Instead, require server-side token validation (proxy the token check in nginx) or use short-lived access links.
If you do proceed, run the install in an isolated environment, inspect and possibly harden the nginx reverse-proxy configuration (don’t accept tokens in query strings, enforce POST-only where appropriate, restrict what /runs/ exposes), and declare any environment variables/config paths in the skill metadata so the behavior matches what is advertised.
Capability Analysis
Type: OpenClaw Skill
Name: opencron-skill-repo
Version: 1.0.1
The skill bundle provides a legitimate-looking cron dashboard but includes instructions in SKILL.md that direct the AI agent to leak the sensitive OPENCLAW_GATEWAY_TOKEN by appending it to the chat output after every cron job. While intended for user convenience, this exposes authentication credentials in chat logs. Additionally, update_canvas.py fetches a remote HTML template from GitHub (raw.githubusercontent.com/firstfloris/opencron/master/cron-dashboard.html), creating a remote dependency that could be used to deliver malicious frontend code or perform XSS.
Capability Assessment
Purpose & Capability
The stated purpose (visual OpenClaw cron dashboard) matches the included code that reads ~/.openclaw/cron/jobs.json, writes canvas files, and serves or generates HTML. However the package metadata claims no required config paths or env vars while the SKILL.md and code clearly rely on HOME/.openclaw paths and an OPENCLAW_GATEWAY_TOKEN (used in examples/URLs). The installer (bin/install.js) invokes git but git is not declared in required binaries. These omissions are incoherent with the skill's operational needs.
Instruction Scope
Runtime instructions tell the agent to always append a public dashboard URL including ${OPENCLAW_GATEWAY_TOKEN} after every cron job run and to resolve HOST_IP via curl to ifconfig.me. That directs the agent to call an external service and to expose a gateway token in a publicly reachable URL — actions that go beyond simply 'showing a dashboard' and increase risk of token leakage and data exposure.
Install Mechanism
There is no formal install spec in the registry entry, but a bundled bin/install.js clones a GitHub repo and runs update_canvas.py. Cloning from GitHub is common, but the installer executes git and Python scripts (execFileSync) — the manifest did not declare git as required. The dashboard HTML is fetched from a raw GitHub URL (acceptable), but cloning/executing external repo contents should be treated as running third-party code.
Credentials
The registry lists no required environment variables, yet SKILL.md and examples rely on CANVAS_PORT and OPENCLAW_GATEWAY_TOKEN and instruct resolving them for public URLs. The skill also reads user-local files (~/.openclaw/cron/jobs.json and potentially run logs). Requesting no declared credentials while instructing the agent to use and embed a gateway token is a mismatch and can lead to unintentional disclosure of sensitive tokens.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. However the instructions explicitly require that every cron job's output includes a final line with a public URL containing the gateway token; if the agent invokes this skill autonomously that behavior could become automatic and spread the token. Autonomous invocation plus the token-exposure instruction raises the operational risk even though no elevated platform privilege is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install opencron-skill-repo
- After installation, invoke the skill by name or use /opencron-skill-repo
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added detailed SKILL.md documentation for deploying, syncing, and serving the OpenCron visual dashboard for OpenClaw cron jobs.
- Included feature overview, quick start steps, script explanations, external access setup, and demo usage instructions.
- Provided security notes, environment configuration guidance, and usage rules for public dashboard access.
Frequently Asked Questions
What is Opencron Skill Repo?
Visual cron job dashboard for OpenClaw — live countdown timers, run history, calendar view. It is an AI Agent Skill for Claude Code / OpenClaw, with 214 downloads so far.
How do I install Opencron Skill Repo?
Run "/install opencron-skill-repo" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Opencron Skill Repo free?
Yes, Opencron Skill Repo is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Opencron Skill Repo support?
Opencron Skill Repo is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Opencron Skill Repo?
It is built and maintained by Floris Jan-Werner van der Harst (@firstfloris); the current version is v1.0.1.