← 返回 Skills 市场
firstfloris

Opencron Skill Repo

作者 Floris Jan-Werner van der Harst · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
266
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install opencron
功能描述
Visual cron job dashboard for OpenClaw — live countdown timers, run history, calendar view
安全使用建议
What to consider before installing: - Audit the dashboard HTML that will be fetched (cron-dashboard.html). If that template includes external scripts or trackers, they will run with access to the embedded cron data; either vendor a local copy of the template or inspect/strip remote scripts before serving. - The installer uses git to clone the repo but the skill metadata only lists python3 — ensure git is available and be aware the installer will clone a third‑party GitHub repository. - The skill writes to ~/.openclaw/canvas and (if present) /app/dist/control-ui. Confirm you want a third‑party skill to modify your gateway UI directory. - Serving the page is unauthenticated and the bridge port is exposed inside the container. Ensure network access to that port is appropriately restricted so untrusted clients cannot view embedded cron job/run data. - If you decide to install: consider running update_canvas.py once to fetch and inspect the generated cron.html locally (or use generate.py to produce a standalone HTML), and remove or sandbox any external resources (fonts, analytics, remote scripts) in the template. Also consider pinning the template to a specific vetted commit or embedding a vetted copy of the HTML in the skill bundle to avoid unexpected changes from upstream. Confidence notes: assessment is 'suspicious' because behavior is coherent with the described purpose, but the remote-template + embedded sensitive-data pattern and minor metadata/install mismatches increase risk. Additional evidence that would change the assessment: a vetted local copy of cron-dashboard.html bundled in the skill (no remote fetch) and an explicit declaration that the template contains no external scripts would reduce concern and could move this to 'benign.'
功能分析
Type: OpenClaw Skill Name: opencron Version: 1.2.0 The skill implements a cron dashboard by fetching a remote HTML template from GitHub (raw.githubusercontent.com) and injecting local job data into it, which is then served via an unauthenticated HTTP server on port 18790 (serve.py) or written directly to the gateway's static UI directory (update_canvas.py). This architecture introduces a significant supply chain risk (RCE via remote template) and potential for unauthorized data exposure, as sensitive cron job details and run history are served without authentication. While these behaviors are high-risk, they appear to be functional components of the dashboard rather than intentional malware.
能力评估
Purpose & Capability
The skill's declared purpose (visual cron dashboard) matches the files and runtime behavior: it reads ~/.openclaw/cron/jobs.json and runs history and serves an embedded dashboard. However there are small inconsistencies: registry metadata lists only python3 as a required binary while the provided installer (bin/install.js) calls git to clone the repo. The skill also writes into /app/dist/control-ui (gateway UI dir) which is consistent with deploying a UI but is a privileged filesystem target and should be expected/approved before use.
Instruction Scope
Runtime instructions and code explicitly read job and run files from the user's home dir and embed them into HTML served on the local bridge port; this is expected for a dashboard. The concern is that the dashboard HTML is fetched from GitHub at runtime and then served with sensitive data embedded. If that template contains third-party scripts or is changed upstream, those scripts would run in the page context and could exfiltrate window.__OPENCRON_DATA / __OPENCRON_RUNS. The SKILL.md asserts 'no client-side fetch, no auth' — which is accurate for data fetches but increases risk because any external resources referenced by the template (fonts, scripts, analytics) will be loaded by clients and could observe or transmit the embedded data.
Install Mechanism
There is no formal install spec in the registry, but the package includes bin/install.js which clones a GitHub repo and runs a Python deploy script. Cloning from GitHub is a common install mechanism; fetches of raw.githubusercontent.com are also standard. Two issues: (1) install.js invokes 'git' but git is not declared in the skill's required binaries; (2) the code will fetch remote HTML at runtime (urllib requests), so the served UI depends on content fetched over the network — if that remote content is compromised it affects this skill.
Credentials
The skill requests no credentials or environment variables and only reads expected local files (~/.openclaw/cron/jobs.json and runs/*.jsonl). That read access is proportional to the stated purpose. It does, however, write files to ~/.openclaw/canvas and optionally to /app/dist/control-ui which may require filesystem privileges; no secrets are requested by the skill itself.
Persistence & Privilege
always:false and the skill does not request elevated agent privileges, but it does run a long‑running local HTTP server on the bridge port (18790) and can install a background sync (watch_sync.sh). It also writes into the gateway UI directory (/app/dist/control-ui) if present — this modifies other components' served UI and therefore should be permitted only if you trust the skill and the template it deploys. The skill does not autonomously request additional credentials, but autonomous invocation combined with remote template fetch increases blast radius if the fetched content is malicious.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install opencron
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /opencron 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
OpenCron 1.2.0 streamlines dashboard setup and deployment. - Simplified setup: running serve.py now fetches, embeds, and serves the updated dashboard in one step. - Data is freshly embedded and served at /cron.html on every request—no client-side fetch needed. - Public IP/port guidance replaced with a static localhost URL for easier access and usage. - Scripts and documentation clarified; update_canvas.py can be run with --sync, and serve.py is the primary deployment path. - Outdated instructions and demo details removed for a cleaner, shorter README.
v1.1.0
- Simplified dashboard deployment: single background server on the OpenClaw bridge port (18790), no proxy or token auth needed. - Updated quick start instructions—run sync and server together; access via `http://${HOST_IP}:${OPENCLAW_BRIDGE_PORT:-18790}`. - Removed Nginx proxy and token gateway details from docs. - Clarified after-run instructions: always print the resolved dashboard link on the bridge port as last line. - Updated `serve.py` references to reflect its new usage as the main dashboard server.
v1.0.5
- Improved Quick Start and dashboard link instructions to auto-detect nginx proxy presence, providing the correct URL for both proxy and direct gateway access. - Updated "After Every Cron Job Run" guidance to recommend probing the proxy first and falling back to gateway path, ensuring users always get a working dashboard link. - Clarified nginx proxy section; emphasized its optional nature and provided clearer instructions for non-Docker or proxy-less setups. - No changes to code or features—documentation update only.
v1.0.4
**Changelog for opencron 1.0.4** - Documentation now instructs users to always use the nginx proxy port for dashboard access; gateway port is no longer suggested for browser use. - Updated all example URLs and scripts to consistently reference the nginx proxy port (`${CANVAS_PORT:-8090}`) and path `/cron.html`. - Revised after-cron-job guidance to remove gateway fallback, clarifying connection requirements and browser compatibility. - Improved Docker Compose example for external access: now uses `0.0.0.0` binding by default. - Refined instructions to discourage use of inaccessible internal IPs and to ensure variable resolution in output.
v1.0.3
- Improved dashboard URL and detection logic: the port and path are now auto-detected based on actual availability, with a fallback to the gateway route for reliability. - Quick Start and "After Every Cron Job Run" instructions updated to use new detection method for dashboard access. - Clarified the order of dashboard access: nginx proxy is tried first, gateway path as fallback. - Minor wording and formatting adjustments for clarity.
v1.0.2
- Improved dashboard launch instructions to auto-detect whether nginx proxy or gateway port should be used, falling back from `${CANVAS_PORT:-8090}` to 18789 if needed. - Updated all references and examples to use the new port detection method for generating dashboard URLs. - Clarified instructions to help avoid using internal IPs and ensure that all displayed links are externally accessible. - No other changes to features or functionality.
v1.0.1
- Updated dashboard access instructions to emphasize using the nginx proxy port (`${CANVAS_PORT:-8090}`) instead of the gateway port. - Clarified that the public IP should be determined using `curl -s ifconfig.me`, not `hostname -I`, for external accessibility. - Revised sample URLs and guidance to ensure accurate, user-facing dashboard links after cron job execution. - Added explicit rules to avoid placeholders and internal container IPs in generated output.
v1.0.0
OpenCron 1.0.0 — Initial Release - Launches a visual dashboard for OpenClaw cron jobs featuring live countdown timers, run history, and calendar view. - Dashboard auto-refreshes every 30 seconds and displays detailed info for each job, including output summaries and token usage. - Provides secure access via gateway token authentication and supports responsive, neon-accented UI with accessibility features. - Includes scripts for deployment, sync, HTML generation, and local serving. - Offers production-ready nginx configuration for external access with security best practices. - Demo mode available with mock data in `demo.html`.
元数据
Slug opencron
版本 1.2.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 8
常见问题

Opencron Skill Repo 是什么?

Visual cron job dashboard for OpenClaw — live countdown timers, run history, calendar view. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 266 次。

如何安装 Opencron Skill Repo?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install opencron」即可一键安装,无需额外配置。

Opencron Skill Repo 是免费的吗?

是的,Opencron Skill Repo 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Opencron Skill Repo 支持哪些平台?

Opencron Skill Repo 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Opencron Skill Repo?

由 Floris Jan-Werner van der Harst(@firstfloris)开发并维护,当前版本 v1.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论