首页龙虾技能列表 › Opencron Skill Repo — 技能工具

Opencron Skill Repo — 技能工具

v1.0.1

Visual cron job dashboard for OpenClaw — live countdown timers, run history, calendar view

0· 139·0 当前·0 累计
by @firstfloris (Floris Jan-Werner van der Harst)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/14
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
high confidence
The skill mostly does what its dashboard description claims, but there are several mismatches and data-exposure risks (undeclared env usage, installer calling git, instructions to publish the gateway token in public URLs and to call an external IP service) that you should understand before installing.
评估建议
This skill appears to implement the dashboard it describes, but there are clear inconsistencies and a real risk of leaking your gateway token. Things to consider before installing: - The SKILL.md and scripts use OPENCLAW_GATEWAY_TOKEN and CANVAS_PORT but the registry metadata does not declare these env vars — confirm where that token comes from and whether you are comfortable it will be placed into URLs. - The instructions explicitly tell the agent to build a public URL containing the gateway t...
详细分析 ▾
用途与能力
The stated purpose (visual OpenClaw cron dashboard) matches the included code that reads ~/.openclaw/cron/jobs.json, writes canvas files, and serves or generates HTML. However the package metadata claims no required config paths or env vars while the SKILL.md and code clearly rely on HOME/.openclaw paths and an OPENCLAW_GATEWAY_TOKEN (used in examples/URLs). The installer (bin/install.js) invokes git but git is not declared in required binaries. These omissions are incoherent with the skill's operational needs.
指令范围
Runtime instructions tell the agent to always append a public dashboard URL including ${OPENCLAW_GATEWAY_TOKEN} after every cron job run and to resolve HOST_IP via curl to ifconfig.me. That directs the agent to call an external service and to expose a gateway token in a publicly reachable URL — actions that go beyond simply 'showing a dashboard' and increase risk of token leakage and data exposure.
安装机制
There is no formal install spec in the registry entry, but a bundled bin/install.js clones a GitHub repo and runs update_canvas.py. Cloning from GitHub is common, but the installer executes git and Python scripts (execFileSync) — the manifest did not declare git as required. The dashboard HTML is fetched from a raw GitHub URL (acceptable), but cloning/executing external repo contents should be treated as running third-party code.
凭证需求
The registry lists no required environment variables, yet SKILL.md and examples rely on CANVAS_PORT and OPENCLAW_GATEWAY_TOKEN and instruct resolving them for public URLs. The skill also reads user-local files (~/.openclaw/cron/jobs.json and potentially run logs). Requesting no declared credentials while instructing the agent to use and embed a gateway token is a mismatch and can lead to unintentional disclosure of sensitive tokens.
持久化与权限
The skill does not request always:true and does not modify other skills. However the instructions explicitly require that every cron job's output includes a final line with a public URL containing the gateway token; if the agent invokes this skill autonomously that behavior could become automatic and spread the token. Autonomous invocation plus the token-exposure instruction raises the operational risk even though no elevated platform privilege is requested.
bin/install.js:23
Shell command execution detected (child_process).
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.12026/3/17

- Added detailed SKILL.md documentation for deploying, syncing, and serving the OpenCron visual dashboard for OpenClaw cron jobs. - Included feature overview, quick start steps, script explanations, external access setup, and demo usage instructions. - Provided security notes, environment configuration guidance, and usage rules for public dashboard access.

● 可疑

安装命令 点击复制

官方npx clawhub@latest install opencron-skill-repo
镜像加速npx clawhub@latest install opencron-skill-repo --registry https://cn.clawhub-mirror.com

技能文档

A visual dashboard for your OpenClaw cron jobs. See job statuses at a glance, track run history with outputs, and view scheduled runs on a calendar.

Features

  • Works with your existing OpenClaw cron jobs — zero config
  • Live countdown timers to next run
  • Auto-refreshes every 30 seconds
  • Expandable job cards with schedule, duration, delivery status, and full prompt
  • Run history tab with output summaries, model, token usage
  • Calendar view showing past runs (ok/error) and upcoming scheduled runs
  • Braille unicode progress animation on next-run banner
  • Antimetal-inspired dark gradient UI with neon accents
  • Secure: gateway token auth, no credentials exposed client-side
  • Responsive layout, prefers-reduced-motion support

Quick Start

1. Deploy the dashboard

python3 skills/opencron/update_canvas.py

This fetches cron-dashboard.html from github.com/firstfloris/opencron and writes live cron-data.json.

2. Start the background sync

nohup sh skills/opencron/watch_sync.sh &

Keeps cron-data.json in sync with jobs.json every 30 seconds.

3. Open the dashboard

The dashboard is served via the nginx proxy on port ${CANVAS_PORT:-8090} — NOT the gateway port.

Get the server's public IP (not the container's internal IP):

HOST_IP=$(curl -s ifconfig.me)

Dashboard URL:

http://${HOST_IP}:${CANVAS_PORT:-8090}/cron.html?token=${OPENCLAW_GATEWAY_TOKEN}

Important: Never use hostname -I — that returns the container's internal IP which is unreachable from outside.

Scripts

ScriptWhat it doesExample
update_canvas.pyOne-shot deploy: fetches HTML from GitHub + writes JSON to canvaspython3 skills/opencron/update_canvas.py
watch_sync.shBackground sync loop (30s interval)nohup sh skills/opencron/watch_sync.sh &
generate.pyGenerate standalone HTML with embedded datapython3 skills/opencron/generate.py -o dashboard.html
serve.pyRun a local HTTP server for the dashboardpython3 skills/opencron/serve.py --port 8787

Serving Externally (Optional)

To access the dashboard from outside Docker, add an nginx reverse proxy. See nginx-canvas.conf.template for a production-ready config with:

  • Token validation via query parameter
  • Rate limiting (10 req/s per IP)
  • GET/HEAD only
  • Path allowlisting
  • Security headers (CSP, X-Frame-Options, no-referrer)
  • Run log JSONL serving from /runs/

Docker Compose snippet

canvas-proxy:
  image: nginx:alpine
  restart: unless-stopped
  environment:
    OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN}
  volumes:
    - ./nginx-canvas.conf.template:/etc/nginx/templates/default.conf.template:ro
    - ./cron/runs:/openclaw-data/cron/runs:ro
  ports:
    - "127.0.0.1:${CANVAS_PORT:-8090}:80"
  depends_on:
    openclaw-gateway:
      condition: service_healthy

Data Sources

  • Job definitions & state: /home/node/.openclaw/cron/jobs.json (read by gateway as cron-data.json)
  • Run history: /home/node/.openclaw/cron/runs/.jsonl (NDJSON, one entry per run)

After Every Cron Job Run

When a cron job finishes executing, always show the user the OpenCron dashboard link. Get the public IP via:

HOST_IP=$(curl -s ifconfig.me)

Then show:

See cron status on OpenCron: http://${HOST_IP}:${CANVAS_PORT:-8090}/cron.html?token=${OPENCLAW_GATEWAY_TOKEN}

Rules:

  • Use port ${CANVAS_PORT:-8090} (nginx proxy) — never the gateway port (18789)
  • Use curl -s ifconfig.me for the IP — never hostname -I (that's the container's internal IP)
  • Resolve all variables to actual values — never show placeholders to the user
  • This should be the last line of output after every cron job execution

Demo

Open demo.html in any browser for a fully working demo with mock data — no server required.

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务