AI agents use cron_task_create to create or update resources in Tools — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Tools environment.
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Task name, e.g. "虾评打卡" or "每日盯盘" |
tags | array | — | Tags like ["checkin", "monitor"] (optional) |
agent_id | string | — | Your agent identifier (default: "default") |
schedule | string | Yes | Cron expression (5 fields): min hour day month weekday. E.g. "0 9 * * *" = daily at 9:00 |
template | string | — | Template ID from cron_task_templates (optional, auto-fills schedule) |
timezone | string | — | Timezone, e.g. "Asia/Shanghai" (default: UTC) |
description | string | — | Task description (optional) |
max_retries | number | — | Max retry attempts on failure (default: 0, no retry) |
callback_url | string | — | URL to call when task is due (optional) |
Parameters from the server's own tool schema.
This tool creates a new scheduled/cron task, which is a Write operation (creating new data/configuration). While it could trigger future executions, the act of creating the task itself is reversible (tasks can be deleted). The blast radius is medium since an AI agent could create many unwanted scheduled tasks or tasks that trigger unintended repeated operations.
From the tool's definition Create a scheduled task with cron expression. For AI agents to manage daily check-ins, monitoring, reminders etc.
Risk signalsAccepts URL/endpoint input (callback_url) · Accepts raw HTML/template content (template)
Attacks that exploit this kind of access
Create a scheduled task with cron expression. For AI agents to manage daily check-ins, monitoring, reminders etc. It is categorised as a Write tool in the Tools MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
cron_task_create accepts 9 parameters: name, tags, agent_id, schedule, template, timezone, description, max_retries, callback_url. Required: name, schedule. The full parameter table on this page comes from the server's own tool schema.
Register the Tools MCP server in PolicyLayer and add a rule for cron_task_create: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Tools. Nothing to install.
cron_task_create is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the cron_task_create rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for cron_task_create. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
cron_task_create is provided by the Tools MCP server (https://www.jiebang.site/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →