← 返回 Skills 市场
368
总下载
0
收藏
2
当前安装
3
版本数
在 OpenClaw 中安装
/install safe-cron-runner
功能描述
Executes background tasks safely by dropping privileges and enforcing timeouts. Includes ISNAD signed manifest.
安全使用建议
This skill appears to do what it claims and does not ask for credentials or network access. Before installing, consider: (1) Logs: the runner appends executed commands and output previews to /tmp/safe_cron.log — avoid passing secrets or sensitive arguments to commands you run with this skill, and if you adopt it, change the log path and tighten permissions. (2) Privilege drop: the code only drops privileges when started as root (expected behavior); validate that your runtime environment behaves as you expect. (3) ISNAD manifest: a signed manifest is included but the code does not verify it at runtime — if provenance matters, verify the signature externally. (4) Audit: review/monitor agent use of this skill before allowing autonomous invocations to ensure it isn't used to run unexpected commands. If you want stronger privacy, modify the code to sanitize logged arguments and to write logs to a controlled location with restricted permissions.
功能分析
Type: OpenClaw Skill
Name: safe-cron-runner
Version: 1.0.2
The 'safe-cron-runner' skill is a utility designed to execute background tasks with security controls such as privilege dropping (to 'nobody'), hard timeouts, and shell injection prevention by enforcing list-based command execution. The code in safe_cron.py aligns with its stated purpose in SKILL.md, and the inclusion of an ISNAD manifest (isnad_manifest.json) suggests an attempt at providing integrity verification. No evidence of data exfiltration, backdoors, or malicious prompt injection was found.
能力评估
Purpose & Capability
Name/description match the code: the module drops privileges when run as root, enforces a timeout, runs subprocesses without shell=True, and logs results. No unexpected binaries, env vars, or external services are requested.
Instruction Scope
SKILL.md describes exactly the behaviors implemented in safe_cron.py. However, SKILL.md does not call out that the runner writes an audit log to /tmp/safe_cron.log containing the joined command string and stdout/stderr previews — this can leak arguments or sensitive data. Also the bundle includes an ISNAD manifest and PGP signature, but the runtime code does not verify the manifest or signature.
Install Mechanism
There is no install spec (instruction-only skill) and no downloads. The only code is included in the package; nothing is fetched from external URLs during install.
Credentials
The skill requests no environment variables or credentials. A minor proportionality concern: it writes logs to /tmp (world-writable area on many systems), potentially exposing commands/arguments and output. Privilege dropping only takes effect when the process is started as root; otherwise it's a no-op (this is expected but worth noting).
Persistence & Privilege
always:false and no install hooks or configuration changes are requested. The skill does allow subprocess execution (normal for a cron runner); autonomous invocation is allowed by default but not in itself a red flag here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install safe-cron-runner - 安装完成后,直接呼叫该 Skill 的名称或使用
/safe-cron-runner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Fixed technical mismatches: aligned code with documentation claims and removed unverified features.
v1.0.1
Standardized ISNAD manifest filename.
v1.0.0
Initial release (Gold Standard)
元数据
常见问题
Safe Cron Runner 是什么?
Executes background tasks safely by dropping privileges and enforcing timeouts. Includes ISNAD signed manifest. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 368 次。
如何安装 Safe Cron Runner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install safe-cron-runner」即可一键安装,无需额外配置。
Safe Cron Runner 是免费的吗?
是的,Safe Cron Runner 完全免费(开源免费),可自由下载、安装和使用。
Safe Cron Runner 支持哪些平台?
Safe Cron Runner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Safe Cron Runner?
由 horn111(@horn111)开发并维护,当前版本 v1.0.2。
推荐 Skills