Back to skill

Security audit

Cron Automation Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it can create and manage recurring jobs, store outputs long-term, and send reports to external services.

Install only if you are comfortable letting this skill create and manage scheduled automations. Before using it, decide which cron jobs it may control, require explicit confirmation before modifications or deletion, review the intel/daily log contents, set your own retention or deletion practice, and enable external delivery channels only with trusted recipients and least-privilege credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly promotes autonomous monitoring, long-running automation, and persistent storage of automation outputs, but it does not clearly warn users that these workflows may continuously collect, retain, and process potentially sensitive information. In an AI-agent context, missing disclosure about ongoing collection and retention increases the risk of unintended privacy exposure and unreviewed system-impacting behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises delivery to third-party channels like Telegram, Discord, Email, and Feishu, but does not clearly warn that automation outputs may be transmitted to external services with their own privacy, logging, and retention practices. This can lead users to route sensitive intelligence, monitoring results, or internal data off-platform without informed consent or adequate safeguards.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation criteria are broad enough to match generic requests like reminders, reports, or monitoring without clear scope boundaries. In an agent system, over-broad routing can cause this skill to activate in unintended contexts and perform scheduling, persistence, or delivery actions the user did not explicitly want.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example phrases include very generic requests such as 'create daily report' or 'help me build an automation workflow' without constraints, making accidental invocation more likely. Because this skill can create persistent jobs and route outputs externally, ambiguous examples materially increase the chance of unintended side effects.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill mandates automatic creation of local files and appending all job output to a persistent intelligence log without requiring user awareness or consent. This creates a clear data-retention risk: sensitive task output, tokens, personal reminders, or monitored content may be stored indefinitely in plain local files and later reused by analysis jobs.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The skill describes automatic initialization of a delivery configuration file, which modifies local state without a prominent warning or explicit confirmation. While lower impact than content logging, silent config creation can surprise users, establish unintended defaults, and pave the way for later external delivery behavior.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger logic is explicitly broad enough to activate on any request that merely implies reminders, monitoring, or recurring notifications, which can cause the skill to misclassify normal user queries as requests to create automation. In this skill context, false activation is more dangerous because the skill can create or manage scheduled tasks across external delivery channels, potentially leading to unintended automation, message delivery, or task modification.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The listed phrases such as 'monitor', 'remind', 'send me updates', and 'automatically check' are generic and can appear in ordinary conversation without intent to create a cron job or persistent automation. In a scheduler skill, this increases the chance of unintended task creation or management actions, especially when connected to notification platforms like Slack, Telegram, email, or chat push channels.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This module explicitly states it will inspect existing cron jobs and infer task attributes such as names, schedules, delivery channels, and payload purpose, but it does not include a clear user-facing warning or consent step about that discovery behavior. In a scheduling/automation skill, those details can reveal sensitive operational metadata, external integrations, and monitoring targets, so silent inspection increases privacy and information-disclosure risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This module describes capabilities to list, update, delete, and test-run cron jobs but provides no safety guidance, confirmation requirements, or warnings about destructive actions. In a task automation skill, that omission increases the chance that an agent or user will perform irreversible or disruptive changes to scheduled jobs without adequate validation or awareness.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The module uses broad intent analysis with loose keyword matching and no clear negative examples, disambiguation rules, or activation boundaries. In a cron automation skill, this can cause the agent to recommend and potentially steer users toward unintended scheduled automations based on ambiguous phrasing, increasing the risk of overbroad actions, notification spam, or deployment of monitoring tasks the user did not actually request.

Ssd 3

Medium
Confidence
98% confidence
Finding
Requiring every cron job to persist all output into a shared intelligence log creates a broad data leakage surface, especially because the content may include monitored data, user-generated reminders, internal reports, or sensitive outputs. The surrounding skill context increases risk because the same data is then positioned as a reusable dataset for later trend analysis, expanding both retention and secondary-use exposure.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill explicitly directs locally generated reports to be distributed through enabled messaging or email channels, which can exfiltrate collected content beyond the local environment. In this skill context, that is particularly dangerous because the upstream instructions already aggregate data into persistent local logs, so a single misconfigured or overly permissive channel can leak accumulated sensitive information externally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.