Low Risk — Risk Score 20/100
Last scan: 2 days ago
opencron
Visual cron job dashboard for OpenClaw — live countdown timers, run history, calendar view
OpenCron is a legitimate cron job dashboard skill with undeclared network fetch and filesystem write permissions, but all functionality serves the stated purpose with no malicious indicators.
Skill Name: opencron
Duration: 37.9s
Engine: pi
Safe to install
Consider documenting the network:READ and filesystem:WRITE permissions in SKILL.md for full transparency. The skill is safe to use.

Findings (3 items)

Severity: Low
Finding: Network fetch not documented in SKILL.md
Location: serve.py:17
The skill fetches dashboard HTML from https://raw.githubusercontent.com/firstfloris/opencron/master/cron-dashboard.html, but this is not declared in SKILL.md's capability documentation.
Evidence: urllib.request.urlopen(DASHBOARD_URL).read()
→ Add network:READ to the declared capabilities in SKILL.md metadata if this skill uses allowed-tools mapping

Severity: Low
Finding: Filesystem write to system path not documented
Location: update_canvas.py:59
update_canvas.py writes to /app/dist/control-ui/, which is an application deployment path. This is legitimate for the feature but undocumented.
Evidence: (UI_DIR / 'cron.html').write_text(html, encoding='utf-8')
→ Document filesystem:WRITE as a required capability if using allowed-tools

Severity: Info
Finding: Background shell loop
Location: watch_sync.sh:5
watch_sync.sh runs in an infinite while loop with a 30-second sleep, re-invoking update_canvas.py --sync on every iteration.
Evidence: while true; do python3 "$SCRIPT_DIR/update_canvas.py" --sync
→ Standard background sync pattern; ensure process management is handled by the parent application
Resource   | Declared | Inferred | Status      | Evidence
Filesystem | NONE     | READ     | ✓ Aligned   | serve.py:28 reads ~/.openclaw/cron/jobs.json
Filesystem | NONE     | WRITE    | ✗ Violation | update_canvas.py:59-63 writes to /app/dist/control-ui/cron.html
Network    | NONE     | READ     | ✗ Violation | serve.py:17 urllib.request.urlopen(https://raw.githubusercontent.com/...)
Shell      | NONE     | WRITE    | ✓ Aligned   | watch_sync.sh:6 runs in infinite loop; bin/install.js:18 uses execFileSync
3 findings

Severity | Type         | Value                      | Location
Medium   | External URL | http://www.w3.org/2000/svg | demo.html:276
Medium   | External URL | http://0.0.0.0:            | serve.py:115
Info     | Email address | [email protected]          | demo.html:345

File Tree

9 files · 61.7 KB · 1272 lines
HTML: 1 file, 799 lines · Python: 3 files, 275 lines · Markdown: 2 files, 118 lines · JavaScript: 1 file, 60 lines · JSON: 1 file, 11 lines · Shell: 1 file, 9 lines
├─ 📁 bin
│ └─ 📜 install.js JavaScript 60L · 1.9 KB
├─ 📄 demo.html HTML 799L · 48.1 KB
├─ 🐍 generate.py Python 47L · 1.3 KB
├─ 📋 package.json JSON 11L · 302 B
├─ 📝 README.md Markdown 57L · 1.6 KB
├─ 🐍 serve.py Python 120L · 3.4 KB
├─ 📝 SKILL.md Markdown 61L · 1.6 KB
├─ 🐍 update_canvas.py Python 108L · 3.1 KB
└─ 🔧 watch_sync.sh Shell 9L · 324 B

Dependencies 2 items

Package | Version     | Source | Known Vulns | Notes
python3 | unspecified | system | No          | Standard library only (urllib, json, pathlib, http.server)
node    | unspecified | system | No          | Uses only built-in modules: fs, path, child_process

Security Positives

✓ No credential harvesting or environment variable iteration for secrets
✓ No data exfiltration or external IP communication except documented GitHub fetch
✓ No base64 encoded payloads or obfuscated shell commands
✓ No remote code execution beyond running local Python scripts
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No curl|bash or wget|sh remote script execution patterns
✓ No hidden instructions in HTML comments or other steganographic patterns
✓ GitHub source is a branded, human-readable repository (firstfloris/opencron)
✓ All file operations are scoped to the OpenClaw application directory (~/.openclaw/)