AOI Cron Ops (Lite)

Security checks across malware telemetry and agentic risk

Overview

This is a read-only cron audit helper; its main risk is that reports may include operational error details that users should review before sharing.

Safe to use as a local, report-only audit helper. Treat cron exports and generated reports as operationally sensitive, especially any job names and lastError text, and only apply suggested cron changes after manually approving the exact change.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The script includes `state.lastError` from cron job data directly in its report output, truncating only by length and not by sensitivity. Error strings often contain secrets, internal URLs, stack traces, tokens, or personally identifiable data, so emitting them to stdout can leak operationally sensitive information to logs, terminals, or downstream tooling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal