Use when: hardening OpenClaw cron/background workers (POSIX shells: bash/sh) against brittle quoting, cwd/env drift, and false pipeline failures (SIGPIPE, pi...
Security Analysis
high confidenceThis is an instruction-only, POSIX-focused checklist for hardening cron/background workers; its requirements and instructions are coherent with the stated purpose and it requests no credentials or installs.
The name/description (cron hardening) matches the SKILL.md and reference files. No unexpected binaries, environment variables, or external services are required; all guidance is about execution patterns and scripts, which is appropriate for the stated goal.
Runtime instructions are scoped to making cron jobs deterministic and low-noise (scripts-first, cd to repo, NO_REPLY, avoid complex shell constructs). Examples show running local scripts (python3 tools/*.py) and short shell wrappers. The docs explicitly warn about secret leakage and advise redaction; there are no instructions to collect or transmit data to external endpoints or to read unrelated system files.
No install spec and no code files beyond static documentation — nothing is written to disk or downloaded. This is the lowest-risk pattern and is proportional to an advisory/checklist skill.
The skill declares no required env vars or credentials. It even cautions against printing secrets in logs and recommends documenting any env vars a job needs. There are no disproportionate credential requests.
The skill is not always-enabled, does not request system-level persistence, and does not attempt to modify other skills or global agent configuration. Autonomous invocation is allowed by platform default but the skill content does not exploit that.
Guidance
This is a documentation-only skill that provides sensible, POSIX-specific cron hardening guidance. Before adopting: (1) confirm your runtime actually treats the sentinel NO_REPLY as described (or decide on an equivalent silent-success behavior); (2) test suggested patterns in a staging environment (ensure scripts are executable, chdir behavior works, and alerts on failure are actionable); (3) adapt examples if you run non-POSIX shells (Windows/PowerShell); and (4) follow the skill's own advice about not printing secrets — ensure your cron scripts redact or never log sensitive values. Overall it's coherent and low-risk, but treat it as best-practice guidance rather than a replacement for application-level fixes.
Latest Release
v1.0.5
POSIX-scoped hardening guide: define NO_REPLY, improve Quick Start, generalize branch examples, refresh contract wording.
More by @phenomenoner
Published by @phenomenoner on ClawHub
