Low risk: risk score 20/100
Last scan: 2 days ago
opencron
Visual cron job dashboard for OpenClaw — live countdown timers, run history, calendar view
OpenCron is a legitimate cron job dashboard skill with undeclared network fetch and filesystem write permissions, but all functionality serves the stated purpose with no malicious indicators.
Skill name: opencron
Analysis time: 37.9s
Engine: pi
Verdict: can be installed
Consider documenting the network:READ and filesystem:WRITE permissions in SKILL.md for full transparency. The skill is safe to use.

Security findings: 3

Severity | Finding | Location

[Low] Network fetch not documented in SKILL.md (serve.py:17)
The skill fetches dashboard HTML from https://raw.githubusercontent.com/firstfloris/opencron/master/cron-dashboard.html but this is not declared in SKILL.md's capability documentation.
Evidence: urllib.request.urlopen(DASHBOARD_URL).read()
→ Add network:READ to the declared capabilities in SKILL.md metadata if this skill uses allowed-tools mapping

[Low] Filesystem write to system path not documented (update_canvas.py:59)
update_canvas.py writes to /app/dist/control-ui/, which is an application deployment path. This is legitimate for the feature but undocumented.
Evidence: (UI_DIR / 'cron.html').write_text(html, encoding='utf-8')
→ Document filesystem:WRITE as a required capability if using allowed-tools

[Info] Background shell loop (watch_sync.sh:5)
watch_sync.sh runs in an infinite while loop with a 30-second sleep, re-invoking update_canvas.py --sync on every iteration.
Evidence: while true; do python3 "$SCRIPT_DIR/update_canvas.py" --sync
→ Standard background sync pattern; ensure process management is handled by the parent application
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | READ | ✓ matches | serve.py:28 reads ~/.openclaw/cron/jobs.json
Filesystem | NONE | WRITE | ✗ exceeds declaration | update_canvas.py:59-63 writes to /app/dist/control-ui/cron.html
Network access | NONE | READ | ✗ exceeds declaration | serve.py:17 urllib.request.urlopen(https://raw.githubusercontent.com/...)
Command execution | NONE | WRITE | ✓ matches | watch_sync.sh:6 runs in infinite loop; bin/install.js:18 uses execFileSync
3 findings

Severity | Category | Type | Value | Location
Medium | External URL | External URL | http://www.w3.org/2000/svg | demo.html:276
Medium | External URL | External URL | http://0.0.0.0: | serve.py:115
Info | Email | Email address | [email protected] | demo.html:345

Directory structure

9 files · 61.7 KB · 1272 lines
HTML 1f · 799L Python 3f · 275L Markdown 2f · 118L JavaScript 1f · 60L JSON 1f · 11L Shell 1f · 9L
├─ 📁 bin
│ └─ 📜 install.js JavaScript 60L · 1.9 KB
├─ 📄 demo.html HTML 799L · 48.1 KB
├─ 🐍 generate.py Python 47L · 1.3 KB
├─ 📋 package.json JSON 11L · 302 B
├─ 📝 README.md Markdown 57L · 1.6 KB
├─ 🐍 serve.py Python 120L · 3.4 KB
├─ 📝 SKILL.md Markdown 61L · 1.6 KB
├─ 🐍 update_canvas.py Python 108L · 3.1 KB
└─ 🔧 watch_sync.sh Shell 9L · 324 B

Dependency analysis: 2

Package | Version | Source | Known vulnerabilities | Notes
python3 | unspecified | system | none | Standard library only (urllib, json, pathlib, http.server)
node | unspecified | system | none | Uses only built-in modules: fs, path, child_process

Security highlights

✓ No credential harvesting or environment variable iteration for secrets
✓ No data exfiltration or external IP communication except documented GitHub fetch
✓ No base64 encoded payloads or obfuscated shell commands
✓ No remote code execution beyond running local Python scripts
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No curl|bash or wget|sh remote script execution patterns
✓ No hidden instructions in HTML comments or other steganographic patterns
✓ GitHub source is a branded, human-readable repository (firstfloris/opencron)
✓ All file operations are scoped to the OpenClaw application directory (~/.openclaw/)