← Back to Skills Marketplace
horn111

Safe Cron Runner

by horn111 · GitHub ↗ · v1.0.2
cross-platform ✓ Security Clean
368
Downloads
0
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install safe-cron-runner
Description
Executes background tasks safely by dropping privileges and enforcing timeouts. Includes ISNAD signed manifest.
Usage Guidance
This skill appears to do what it claims and does not ask for credentials or network access. Before installing, consider: (1) Logs: the runner appends executed commands and output previews to /tmp/safe_cron.log — avoid passing secrets or sensitive arguments to commands you run with this skill, and if you adopt it, change the log path and tighten permissions. (2) Privilege drop: the code only drops privileges when started as root (expected behavior); validate that your runtime environment behaves as you expect. (3) ISNAD manifest: a signed manifest is included but the code does not verify it at runtime — if provenance matters, verify the signature externally. (4) Audit: review/monitor agent use of this skill before allowing autonomous invocations to ensure it isn't used to run unexpected commands. If you want stronger privacy, modify the code to sanitize logged arguments and to write logs to a controlled location with restricted permissions.
Capability Analysis
Type: OpenClaw Skill Name: safe-cron-runner Version: 1.0.2 The 'safe-cron-runner' skill is a utility designed to execute background tasks with security controls such as privilege dropping (to 'nobody'), hard timeouts, and shell injection prevention by enforcing list-based command execution. The code in safe_cron.py aligns with its stated purpose in SKILL.md, and the inclusion of an ISNAD manifest (isnad_manifest.json) suggests an attempt at providing integrity verification. No evidence of data exfiltration, backdoors, or malicious prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description match the code: the module drops privileges when run as root, enforces a timeout, runs subprocesses without shell=True, and logs results. No unexpected binaries, env vars, or external services are requested.
Instruction Scope
SKILL.md describes exactly the behaviors implemented in safe_cron.py. However, SKILL.md does not call out that the runner writes an audit log to /tmp/safe_cron.log containing the joined command string and stdout/stderr previews — this can leak arguments or sensitive data. Also the bundle includes an ISNAD manifest and PGP signature, but the runtime code does not verify the manifest or signature.
Install Mechanism
There is no install spec (instruction-only skill) and no downloads. The only code is included in the package; nothing is fetched from external URLs during install.
Credentials
The skill requests no environment variables or credentials. A minor proportionality concern: it writes logs to /tmp (world-writable area on many systems), potentially exposing commands/arguments and output. Privilege dropping only takes effect when the process is started as root; otherwise it's a no-op (this is expected but worth noting).
Persistence & Privilege
always:false and no install hooks or configuration changes are requested. The skill does allow subprocess execution (normal for a cron runner); autonomous invocation is allowed by default but not in itself a red flag here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install safe-cron-runner
  3. After installation, invoke the skill by name or use /safe-cron-runner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Fixed technical mismatches: aligned code with documentation claims and removed unverified features.
v1.0.1
Standardized ISNAD manifest filename.
v1.0.0
Initial release (Gold Standard)
Metadata
Slug safe-cron-runner
Version 1.0.2
License
All-time Installs 2
Active Installs 2
Total Versions 3
Frequently Asked Questions

What is Safe Cron Runner?

Executes background tasks safely by dropping privileges and enforcing timeouts. Includes ISNAD signed manifest. It is an AI Agent Skill for Claude Code / OpenClaw, with 368 downloads so far.

How do I install Safe Cron Runner?

Run "/install safe-cron-runner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Safe Cron Runner free?

Yes, Safe Cron Runner is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Safe Cron Runner support?

Safe Cron Runner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Safe Cron Runner?

It is built and maintained by horn111 (@horn111); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments