Security audit

Cron Setup

Security checks across malware telemetry and agentic risk

Overview

The skill appears to set up scheduled automation, but it gives persistent command-execution authority through externally routed cron messages without enough scoping or user-control detail.

Install only if you understand and control the cron agent and Telegram destination. Treat any scheduled payload as code execution: review every command, avoid secrets or private workspace data in messages, and prefer user-configured channel IDs plus explicit approval before enabling recurring jobs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs cron jobs to send messages to a hard-coded Telegram channel and topic IDs, but it provides no warning, consent checkpoint, or data-handling limits. In a scheduled autonomous context, this creates a real risk of unintended external data transmission, including workspace details, alerts, or sensitive outputs being posted outside the local environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.