Cron Worker Guardrails

Author: phenomenoner · GitHub · v1.0.5
cross-platform ✓ Security check passed
1043 total downloads · 0 favorites · 2 current installs · 3 versions
Install in OpenClaw: /install cron-worker-guardrails
Description
Use when: hardening OpenClaw cron/background workers (POSIX shells: bash/sh) against brittle quoting, cwd/env drift, and false pipeline failures (SIGPIPE, pi...
Usage instructions (SKILL.md)

Cron Worker Guardrails (POSIX)

A reliability-first checklist for OpenClaw cron workers and any unattended automation.

Scope (important)

  • This skill is POSIX-focused (bash/sh examples).
  • The principles are portable, but if you're on Windows/PowerShell you'll need equivalent patterns.

The NO_REPLY convention

Many OpenClaw setups treat emitting exactly NO_REPLY as "silent success" (no human notification).

  • If your runtime does not support NO_REPLY, interpret it as: print nothing on success.

Quick Start

  1. Scripts-first: move logic into a repo script (recommended: tools/<job>.py or tools/<job>.sh).
  2. One command in cron: cron should run one short command (no multi-line bash -lc '...').
  3. Deterministic cwd/env: cd to the repo (or have the script do it), and document required env vars.
  4. Silent on success: print nothing (or exactly NO_REPLY) when OK; only emit a short alert when broken.

Also see:

  • references/cron-agent-contract.md
  • references/pitfalls.md

Why this skill exists

Cron failures are rarely "logic bugs". In practice they're often:

  • brittle shell quoting (bash -lc '...' nested quotes)
  • command substitution surprises ($(...))
  • one-liners that hide escaping bugs (python -c "...")
  • cwd/env drift ("works locally, fails in cron")
  • pipelines that fail for the wrong reason (pipefail + head / SIGPIPE)

The fix is boring but effective: scripts-first + deterministic execution + silent-on-success.

Portability rules (still apply)

Even on POSIX, do not hardcode deployment-specific absolute paths tied to one machine.

Prefer:

  • repo-relative paths
  • environment variables you document
  • minimal wrappers that cd into the repo

Common failure patterns -> fixes

1) unexpected EOF while looking for matching ')'

Likely causes:

  • unclosed $(...) from command substitution
  • broken nested quotes in bash -lc ' ... '

Fix pattern:

  • Replace the whole multi-line shell block with a script.
  • Cron calls exactly one short command, for example:
    • python3 tools/<job>.py

2) False failure from pipefail + head (SIGPIPE)

Symptom:

  • command exits non-zero even though the output you wanted is fine

Fix pattern:

  • avoid pipefail when piping into head
  • or better: do the filtering in a script (read only what you need)
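The false failure and both fix patterns side by side, as an added example that is not part of the skill's own files. `list_items` is a hypothetical stand-in for any job command whose output exceeds the pipe buffer; the awk variant is one way to do the filtering in the consumer instead of cutting the stream with head.

```bash
#!/usr/bin/env bash
# Added example. list_items is a hypothetical stand-in for a job command
# that prints far more than the pipe buffer holds.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"   # pipefail needs bash

list_items() { seq 1 200000; }

# 1) The false failure: head exits after one line, the producer is killed by
#    SIGPIPE (status 128+13), and pipefail reports that as the pipeline status.
first_item_pipefail() (
    set -o pipefail
    list_items | head -n 1
)

# 2) Fix A: no pipefail for this pipeline, so the status is head's own.
first_item_no_pipefail() (
    set +o pipefail
    list_items | head -n 1
)

# 3) Fix B: keep pipefail, but filter in a consumer that reads the whole
#    stream, so the producer never writes into a closed pipe.
first_item_drained() (
    set -o pipefail
    list_items | awk 'NR == 1'
)

# 4) Why Fix B is preferable: a producer that really fails is still reported.
broken_producer_drained() (
    set -o pipefail
    { echo partial; exit 7; } | awk 'NR == 1'
)

# Stand-alone run: print each variant's exit status.
for f in first_item_pipefail first_item_no_pipefail \
         first_item_drained broken_producer_drained; do
    rc=0
    "$f" >/dev/null 2>&1 || rc=$?
    echo "$f -> $rc"
done
```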

3) "Works locally, fails in cron"

Common causes:

  • wrong working directory
  • missing env vars
  • different PATH

Fix pattern:

  • cd into the repo (or have the script do it)
  • keep dependencies explicit and documented
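A minimal wrapper covering this fix pattern and Quick Start steps 2 to 4 (one command in cron, deterministic cwd/env, silent on success), as an added example that is not one of the skill's own files. The script name `tools/cron_wrap.sh`, the function `run_guarded` and the variables `JOB_REQUIRED_VARS` / `JOB_REQUIRED_CMDS` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: hypothetical tools/cron_wrap.sh. Crontab then holds one short
# command, e.g.  tools/cron_wrap.sh python3 tools/<job>.py
# JOB_REQUIRED_VARS / JOB_REQUIRED_CMDS are assumed names, not OpenClaw settings.

# run_guarded REPO_DIR "VAR1 VAR2" "cmd1 cmd2" COMMAND [ARGS...]
# The body is a subshell, so the cd never leaks into the caller.
run_guarded() (
    repo=$1 vars=$2 cmds=$3
    shift 3
    cd "$repo" >/dev/null 2>&1 || { echo "ALERT: cannot cd to repo"; exit 2; }
    for v in $vars; do
        # Name the missing variable, never print a value.
        [ -n "$(printenv "$v")" ] || { echo "ALERT: missing env var $v"; exit 2; }
    done
    for c in $cmds; do
        command -v "$c" >/dev/null 2>&1 || { echo "ALERT: $c not on PATH"; exit 2; }
    done
    log=$(mktemp) || { echo "ALERT: mktemp failed"; exit 2; }
    rc=0
    "$@" >"$log" 2>&1 || rc=$?
    if [ "$rc" -eq 0 ]; then
        rm -f "$log"
        echo NO_REPLY          # silent success
        exit 0
    fi
    # Short alert only; job output stays in a mode-0600 temp file.
    echo "ALERT: job exited $rc, output kept in $log"
    exit "$rc"
)

# Entry point for cron; the repo root is assumed to be this script's parent dir.
if [ "$#" -gt 0 ]; then
    run_guarded "$(dirname "$0")/.." "${JOB_REQUIRED_VARS:-}" "${JOB_REQUIRED_CMDS:-}" "$@"
fi
```

The alert carries only the exit code and the log path, so job output that might contain secrets never reaches the notification channel.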

Git footgun: git push rejected (non-fast-forward)

Symptom:

  • ! [rejected] ... (non-fast-forward) when automation pushes to a long-lived PR/feature branch.

Conservative fix (no force-push):

  • On rejection, fetch the remote branch, transplant your new local commits onto it (cherry-pick), then retry push once.
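One way to script the fetch, cherry-pick and single retry described above, as an added example that is not part of the skill's own files. The helper name `push_with_transplant` is hypothetical, and the code assumes a clean working tree and no merge commits among the local-only commits.

```bash
#!/usr/bin/env bash
# Added example; push_with_transplant is a hypothetical helper name.
# Assumes a clean working tree (unattended job) and no merge commits among
# the local-only commits.

push_with_transplant() {
    remote=$1 branch=$2
    ref="HEAD:refs/heads/$branch"
    git push -q "$remote" "$ref" 2>/dev/null && return 0

    git fetch -q "$remote" "$branch" 2>/dev/null ||
        { echo "ALERT: push failed and fetch failed"; return 1; }
    old=$(git rev-parse HEAD) || return 1
    base=$(git rev-parse FETCH_HEAD) || return 1

    # Remote tip already in our history: the rejection was not a
    # non-fast-forward, so transplanting cannot help.
    if git merge-base --is-ancestor "$base" "$old"; then
        echo "ALERT: push failed for a reason other than non-fast-forward"
        return 1
    fi
    # Nothing local to publish (we are only behind the remote).
    [ "$(git rev-list --count "$base..$old")" -gt 0 ] || return 0

    # Move onto the remote tip and replay only our own commits on top.
    git reset -q --hard "$base"
    if ! git cherry-pick "$base..$old" >/dev/null 2>&1; then
        git cherry-pick --abort >/dev/null 2>&1
        git reset -q --hard "$old"   # restore the pre-retry state
        echo "ALERT: cherry-pick failed, manual merge needed"
        return 1
    fi

    # Exactly one retry, never --force.
    git push -q "$remote" "$ref" 2>/dev/null && return 0
    echo "ALERT: push still rejected after transplant"
    return 1
}

# Usage from a job script: push_with_transplant origin <branch>
if [ "$#" -eq 2 ]; then push_with_transplant "$1" "$2"; fi
```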

Copy/paste hardening header (portable)

Use this near the top of a cron prompt (2 lines, low-noise):

  • Hardening (MUST): follow references/cron-agent-contract.md (scripts-first, deterministic cwd, silent-on-success).
  • Also apply the cron-worker-guardrails skill. If parsing/multi-step logic is needed, write/run a small tools/*.py script.
Security usage recommendations
This is a documentation-only skill that provides sensible, POSIX-specific cron hardening guidance. Before adopting: (1) confirm your runtime actually treats the sentinel NO_REPLY as described (or decide on an equivalent silent-success behavior); (2) test suggested patterns in a staging environment (ensure scripts are executable, chdir behavior works, and alerts on failure are actionable); (3) adapt examples if you run non-POSIX shells (Windows/PowerShell); and (4) follow the skill's own advice about not printing secrets — ensure your cron scripts redact or never log sensitive values. Overall it's coherent and low-risk, but treat it as best-practice guidance rather than a replacement for application-level fixes.
Functional analysis
Type: OpenClaw Skill Name: cron-worker-guardrails Version: 1.0.5 This OpenClaw skill bundle is benign. Its purpose is to provide guardrails and best practices for hardening cron/background workers, focusing on reliability and security. The `SKILL.md` and reference documents (`references/cron-agent-contract.md`, `references/pitfalls.md`) offer advice on avoiding common pitfalls like shell injection, brittle quoting, and environment drift. Crucially, `references/pitfalls.md` explicitly warns against 'Secret leakage in debug output' and advises redacting sensitive information, directly contradicting any malicious intent. There are no instructions for the agent to perform unauthorized actions, exfiltrate data, or establish persistence.
Capability assessment
Purpose & Capability
The name/description (cron hardening) matches the SKILL.md and reference files. No unexpected binaries, environment variables, or external services are required; all guidance is about execution patterns and scripts, which is appropriate for the stated goal.
Instruction Scope
Runtime instructions are scoped to making cron jobs deterministic and low-noise (scripts-first, cd to repo, NO_REPLY, avoid complex shell constructs). Examples show running local scripts (python3 tools/*.py) and short shell wrappers. The docs explicitly warn about secret leakage and advise redaction; there are no instructions to collect or transmit data to external endpoints or to read unrelated system files.
Install Mechanism
No install spec and no code files beyond static documentation — nothing is written to disk or downloaded. This is the lowest-risk pattern and is proportional to an advisory/checklist skill.
Credentials
The skill declares no required env vars or credentials. It even cautions against printing secrets in logs and recommends documenting any env vars a job needs. There are no disproportionate credential requests.
Persistence & Privilege
The skill is not always-enabled, does not request system-level persistence, and does not attempt to modify other skills or global agent configuration. Autonomous invocation is allowed by platform default but the skill content does not exploit that.
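How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install cron-worker-guardrails
  3. Once installation completes, invoke the Skill by name or trigger it with /cron-worker-guardrails
  4. Provide the required inputs according to the Skill's parameter description to get structured output.
Version history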
v1.0.5
POSIX-scoped hardening guide: define NO_REPLY, improve Quick Start, generalize branch examples, refresh contract wording.
v1.0.1
Generalize for native OpenClaw: remove deployment-specific paths, add portable cron-agent contract reference, and clarify cross-platform path rules.
v1.0.0
Initial release: scripts-first cron hardening checklist (quoting pitfalls, SIGPIPE, uv patterns).
Metadata
Slug cron-worker-guardrails
Version 1.0.5
License
Total installs 2
Current installs 2
Number of versions 3
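FAQ

What is Cron Worker Guardrails?

Use when: hardening OpenClaw cron/background workers (POSIX shells: bash/sh) against brittle quoting, cwd/env drift, and false pipeline failures (SIGPIPE, pi... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1043 total downloads so far.

How do I install Cron Worker Guardrails?

Run the command "/install cron-worker-guardrails" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Cron Worker Guardrails free?

Yes, Cron Worker Guardrails is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Cron Worker Guardrails support?

Cron Worker Guardrails is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Cron Worker Guardrails?

It is developed and maintained by phenomenoner (@phenomenoner); the current version is v1.0.5.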
