ClawHub
Back to skill

Security audit

Cron Tool

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent cron manager, but it can persistently alter scheduled commands and has a bug that may wipe the whole crontab when removing one job by line number.

Review this carefully before installing. Back up your current crontab first, avoid numeric --remove until the bug is fixed, verify that cron-tool runs this exact script, and only add or restore cron commands you understand because they will continue running on a schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
        # Open in editor
        editor = os.environ.get('EDITOR', 'vim')
        subprocess.call([editor, temp_file])
        
        # Read back
        with open(temp_file, 'r') as f:
Confidence
93% confidence
Finding
subprocess.call([editor, temp_file])

Tainted flow: 'editor' from os.environ.get (line 232, credential/environment) → subprocess.call (code execution)

Medium
Category
Data Flow
Content
try:
        # Open in editor
        editor = os.environ.get('EDITOR', 'vim')
        subprocess.call([editor, temp_file])
        
        # Read back
        with open(temp_file, 'r') as f:
Confidence
97% confidence
Finding
subprocess.call([editor, temp_file])

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and demonstrates shell-based command execution and I/O behavior, but it does not declare any permissions despite requiring capabilities consistent with shell, file, and environment access. This creates a trust and enforcement gap: users or platforms may assume the skill is low-privilege when it can invoke command-line operations and interact with redirected input/output, increasing the risk of unintended command execution or data access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.