Security audit

Cron Job Guardian

Security checks across malware telemetry and agentic risk

Overview

This is a local, user-directed cron/timer review helper with disclosed file reading and optional report writing, and no evidence of hidden network access, persistence, or destructive behavior.

Install/use it for cron files, timer configs, or script directories you intentionally want reviewed. Avoid pointing it at broad home directories or repositories with unrelated secrets, and review generated reports before sharing because they may include local paths and redacted snippets from the chosen input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill advertises no declared permissions, yet its instructions explicitly allow shell execution and imply reading inputs and writing outputs via `python3 ... --input <输入文件> --output <输出文件>`. That creates a capability/permission mismatch that can bypass policy review and mislead operators about the true attack surface, especially for a user-invocable skill handling arbitrary files.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
The described purpose is a narrow cron/timer audit skill, but the observed behavior expands into generic directory scanning, content extraction, CSV/TSV inspection, risk-pattern scanning, skill metadata inspection, and arbitrary text summarization. This overbroad functionality makes the skill capable of collecting unrelated sensitive data and performing analysis outside user expectations, which is particularly risky because the skill is user-invocable and presented as a limited auditor.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.