Trust Assessment
cron-dashboard received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Command Injection via unsanitized <id> in openclaw cron commands, Command Injection via unsanitized --prompt, --name, or --schedule in openclaw cron create.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via unsanitized --prompt, --name, or --schedule in openclaw cron create. The skill instructs the LLM to execute `openclaw cron create` with arguments like `--name`, `--schedule`, and critically, `--prompt "..."`. If the content for these arguments is derived from untrusted user input and is not properly sanitized, an attacker could inject arbitrary shell commands. The `--prompt` argument is particularly dangerous as it implies the LLM will insert user-provided text, which could then be executed by the `openclaw` CLI. For example, a malicious user could provide a prompt like `"my_task"; evil_command; echo "`. Implement strict input validation and escaping for all arguments passed to `openclaw cron create`, especially `--name`, `--schedule`, and `--prompt`. The LLM should be explicitly instructed to sanitize user input for these parameters, and the `openclaw` CLI itself should be robust against command injection. Consider if `--prompt` should even accept arbitrary shell commands or if it should be restricted to specific types of input. | LLM | SKILL.md:19 |
| HIGH | Command Injection via unsanitized <id> in openclaw cron commands. The skill instructs the LLM to execute `openclaw cron show <id>`, `pause <id>`, `resume <id>`, and `delete <id>`. If the `<id>` parameter is derived from untrusted user input and is not properly sanitized by the LLM or the `openclaw` CLI, an attacker could inject arbitrary shell commands. For example, providing an ID like `123; rm -rf /` could lead to malicious execution. Ensure all user-provided arguments to shell commands are strictly validated and properly escaped (e.g., using `shlex.quote` in Python or similar mechanisms in other languages) before being passed to the shell. The LLM should be instructed to sanitize user input for these parameters. | LLM | SKILL.md:10 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/cron-dashboard/SKILL.md:1 |