I realize I answered a completely different question than you asked.
Are you wondering how to use Client Relevance to detect, on Windows endpoints, Scheduled Tasks which will shutdown Windows?
I suspect you want to explore the Scheduled Task inspector:
https://developer.bigfix.com/relevance/reference/scheduled-task.html
Most likely in the XML of Scheduled Tasks
Found similar posting here:
A tweak to that XML parsing relevance gives you the names and actions of ALL of the scheduled, tasks.
q: (name of it, node values of child nodes of xpaths ("xmlns:a='http://schemas.microsoft.com/windows/2004/02/mit/task'", "/a:Task/a:Actions/a:Exec/a:Command") of xml documents of xmls of it) of scheduled tasks
Then we Whose on item 1 to filter for only ones that have our shutdown string.
q: (name of it, node values of child nodes of xpaths ("xmlns:a='http://schemas.microsoft.com/windows/2004/02/mit/task'", "/a:Task/a:Actions/a:Exec/a:Command") of xml documents of xmls of it) whose (item 1 of it as lowercase contains "shutdown") of scheduled tasks