ClawHub
Back to skill

Security audit

cron-edit-safe

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent cron-editing helper, but users should understand that its default dry-run really executes the command once before editing the cron job.

Install only if you are comfortable giving the tool authority to edit a chosen OpenClaw cron job. Treat its dry-run as a real one-time command execution: review the command first, avoid untrusted commands, and use --no-dry-run or --dry-run-only deliberately based on whether side effects are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The wrapper is advertised as a safe cron-editing helper, but it explicitly reads and re-exports unrelated API credentials into the environment of the downstream script. This broadens the exposure of sensitive secrets without a clear functional need or user consent, increasing the risk that the core script, child processes, logs, or crash reports may access or leak them.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The wrapper executes the user-supplied cron command locally via `bash -c` during its so-called dry-run. Because the command is arbitrary shell content, this can trigger real side effects such as file changes, network access, credential use, or destructive actions on the operator host before the cron is even edited.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The script presents itself as a 'safe edit' wrapper, but its safety model is misleading because the dry-run intentionally performs the real command and even warns about real side effects. This mismatch can cause operators to trust the tool and run untrusted or high-impact commands under the assumption that no state-changing action will occur.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Exporting sensitive API keys without any user-facing notice or explicit opt-in creates unnecessary secret propagation. In the context of a cron-editing wrapper, this is more suspicious because the functionality does not obviously require model-provider credentials, so the skill widens secret exposure beyond its stated purpose.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.