← Back to Skills Marketplace
phenomenoner

Cron Worker Guardrails

by phenomenoner · GitHub ↗ · v1.0.5
cross-platform ✓ Security Clean
1043
Downloads
0
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install cron-worker-guardrails
Description
Use when: hardening OpenClaw cron/background workers (POSIX shells: bash/sh) against brittle quoting, cwd/env drift, and false pipeline failures (SIGPIPE, pi...
README (SKILL.md)

Cron Worker Guardrails (POSIX)

A reliability-first checklist for OpenClaw cron workers and any unattended automation.

Scope (important)

  • This skill is POSIX-focused (bash/sh examples).
  • The principles are portable, but if you're on Windows/PowerShell you'll need equivalent patterns.

The NO_REPLY convention

Many OpenClaw setups treat emitting exactly NO_REPLY as "silent success" (no human notification).

  • If your runtime does not support NO_REPLY, interpret it as: print nothing on success.

Quick Start

  1. Scripts-first: move logic into a repo script (recommended: tools/\x3Cjob>.py or tools/\x3Cjob>.sh).
  2. One command in cron: cron should run one short command (no multi-line bash -lc '...').
  3. Deterministic cwd/env: cd to the repo (or have the script do it), and document required env vars.
  4. Silent on success: print nothing (or exactly NO_REPLY) when OK; only emit a short alert when broken.

Also see:

  • references/cron-agent-contract.md
  • references/pitfalls.md

Why this skill exists

Cron failures are rarely "logic bugs". In practice they're often:

  • brittle shell quoting (bash -lc '...' nested quotes)
  • command substitution surprises ($(...))
  • one-liners that hide escaping bugs (python -c "...")
  • cwd/env drift ("works locally, fails in cron")
  • pipelines that fail for the wrong reason (pipefail + head / SIGPIPE)

The fix is boring but effective: scripts-first + deterministic execution + silent-on-success.

Portability rules (still apply)

Even on POSIX, do not hardcode deployment-specific absolute paths tied to one machine.

Prefer:

  • repo-relative paths
  • environment variables you document
  • minimal wrappers that cd into the repo

Common failure patterns -> fixes

1) unexpected EOF while looking for matching ')'

Likely causes:

  • unclosed $(...) from command substitution
  • broken nested quotes in bash -lc ' ... '

Fix pattern:

  • Replace the whole multi-line shell block with a script.
  • Cron calls exactly one short command, for example:
    • python3 tools/\x3Cjob>.py

2) False failure from pipefail + head (SIGPIPE)

Symptom:

  • command exits non-zero even though the output you wanted is fine

Fix pattern:

  • avoid pipefail when piping into head
  • or better: do the filtering in a script (read only what you need)

3) "Works locally, fails in cron"

Common causes:

  • wrong working directory
  • missing env vars
  • different PATH

Fix pattern:

  • cd into the repo (or have the script do it)
  • keep dependencies explicit and documented

Git footgun: git push rejected (non-fast-forward)

Symptom:

  • ! [rejected] ... (non-fast-forward) when automation pushes to a long-lived PR/feature branch.

Conservative fix (no force-push):

  • On rejection, fetch the remote branch, transplant your new local commits onto it (cherry-pick), then retry push once.

Copy/paste hardening header (portable)

Use this near the top of a cron prompt (2 lines, low-noise):

  • Hardening (MUST): follow references/cron-agent-contract.md (scripts-first, deterministic cwd, silent-on-success).
  • Also apply the cron-worker-guardrails skill. If parsing/multi-step logic is needed, write/run a small tools/*.py script.
Usage Guidance
This is a documentation-only skill that provides sensible, POSIX-specific cron hardening guidance. Before adopting: (1) confirm your runtime actually treats the sentinel NO_REPLY as described (or decide on an equivalent silent-success behavior); (2) test suggested patterns in a staging environment (ensure scripts are executable, chdir behavior works, and alerts on failure are actionable); (3) adapt examples if you run non-POSIX shells (Windows/PowerShell); and (4) follow the skill's own advice about not printing secrets — ensure your cron scripts redact or never log sensitive values. Overall it's coherent and low-risk, but treat it as best-practice guidance rather than a replacement for application-level fixes.
Capability Analysis
Type: OpenClaw Skill Name: cron-worker-guardrails Version: 1.0.5 This OpenClaw skill bundle is benign. Its purpose is to provide guardrails and best practices for hardening cron/background workers, focusing on reliability and security. The `SKILL.md` and reference documents (`references/cron-agent-contract.md`, `references/pitfalls.md`) offer advice on avoiding common pitfalls like shell injection, brittle quoting, and environment drift. Crucially, `references/pitfalls.md` explicitly warns against 'Secret leakage in debug output' and advises redacting sensitive information, directly contradicting any malicious intent. There are no instructions for the agent to perform unauthorized actions, exfiltrate data, or establish persistence.
Capability Assessment
Purpose & Capability
The name/description (cron hardening) matches the SKILL.md and reference files. No unexpected binaries, environment variables, or external services are required; all guidance is about execution patterns and scripts, which is appropriate for the stated goal.
Instruction Scope
Runtime instructions are scoped to making cron jobs deterministic and low-noise (scripts-first, cd to repo, NO_REPLY, avoid complex shell constructs). Examples show running local scripts (python3 tools/*.py) and short shell wrappers. The docs explicitly warn about secret leakage and advise redaction; there are no instructions to collect or transmit data to external endpoints or to read unrelated system files.
Install Mechanism
No install spec and no code files beyond static documentation — nothing is written to disk or downloaded. This is the lowest-risk pattern and is proportional to an advisory/checklist skill.
Credentials
The skill declares no required env vars or credentials. It even cautions against printing secrets in logs and recommends documenting any env vars a job needs. There are no disproportionate credential requests.
Persistence & Privilege
The skill is not always-enabled, does not request system-level persistence, and does not attempt to modify other skills or global agent configuration. Autonomous invocation is allowed by platform default but the skill content does not exploit that.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cron-worker-guardrails
  3. After installation, invoke the skill by name or use /cron-worker-guardrails
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.5
POSIX-scoped hardening guide: define NO_REPLY, improve Quick Start, generalize branch examples, refresh contract wording.
v1.0.1
Generalize for native OpenClaw: remove deployment-specific paths, add portable cron-agent contract reference, and clarify cross-platform path rules.
v1.0.0
Initial release: scripts-first cron hardening checklist (quoting pitfalls, SIGPIPE, uv patterns).
Metadata
Slug cron-worker-guardrails
Version 1.0.5
License
All-time Installs 2
Active Installs 2
Total Versions 3
Frequently Asked Questions

What is Cron Worker Guardrails?

Use when: hardening OpenClaw cron/background workers (POSIX shells: bash/sh) against brittle quoting, cwd/env drift, and false pipeline failures (SIGPIPE, pi... It is an AI Agent Skill for Claude Code / OpenClaw, with 1043 downloads so far.

How do I install Cron Worker Guardrails?

Run "/install cron-worker-guardrails" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cron Worker Guardrails free?

Yes, Cron Worker Guardrails is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Cron Worker Guardrails support?

Cron Worker Guardrails is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cron Worker Guardrails?

It is built and maintained by phenomenoner (@phenomenoner); the current version is v1.0.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments