ez-cronjob

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains direct instructions that attempt to override the agent's default tool selection logic. Specifically, it tells the agent to "always use the exec/bash tool" and to "Never invoke the cron tool directly," which encourages bypassing platform-defined constraints and potential safety filters of specialized tools.
  • [COMMAND_EXECUTION]: The documentation provides and encourages the execution of several shell commands through the exec or bash tools. This includes system-level operations such as clawdbot gateway restart and managing scheduled tasks via the CLI.
  • [DATA_EXFILTRATION]: The debugging section instructs the agent to access and read internal system logs located at ~/.clawdbot/logs/gateway.err.log and /tmp/clawdbot/. This constitutes access to sensitive file paths that may contain internal application state or diagnostic data.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface where the message parameter of a cron job can be used to influence model behavior.
      1. Ingestion points: The --message argument in the clawdbot cron add command (SKILL.md).
      2. Boundary markers: Absent; the instructions do not recommend using delimiters to isolate user-controlled message content from system instructions.
      3. Capability inventory: The skill promotes the use of high-privilege tools such as exec and bash to manage cron jobs.
      4. Sanitization: No sanitization or validation logic is provided for the contents of the scheduled messages.
  • [NO_CODE]: The skill consists entirely of markdown documentation and does not include any accompanying scripts or executable code files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:25 AM