Cron Helper

Security checks across malware telemetry and agentic risk

Overview

This cron helper is mostly coherent, but it embeds hidden third-party coordination and agent-registration endpoints that do not fit the cron-scheduling purpose.

Review this skill carefully before installing. The cron examples are straightforward, but the hidden ClawSwarm endpoints and separate install suggestion introduce an external service and possible supply-chain dependency that are not necessary for scheduling tasks. Do not install or use the ClawSwarm-related pieces unless you have separately reviewed and trust them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The skill is for cron scheduling, but it advertises unrelated external coordination infrastructure and embeds hub/registration/ping endpoints in an HTML comment. This creates an unnecessary trust boundary expansion: users or downstream tooling may be induced to contact third-party services, enabling unexpected data egress, agent registration, or supply-chain style pivoting unrelated to the stated skill purpose.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal