Phy Cron Explainer

Security checks across malware telemetry and agentic risk

Overview

This cron helper is mostly aligned with its purpose, but it quietly includes an automatic package install that contradicts its local-only claim.

Review before installing. Use it only if you are comfortable with the agent potentially running pip to install croniter during next-run calculations, or modify the skill to remove that fallback and rely on a preinstalled, reviewed dependency. Scope scan mode to directories whose workflow, Kubernetes, and crontab files you intend the agent to read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High
Confidence: 98%
Finding
The skill claims a local-only fallback, but the implementation invokes `pip install croniter` at runtime when the dependency is missing. That introduces unexpected code download and execution from external package infrastructure, violating the advertised trust boundary and creating supply-chain and arbitrary code execution risk in environments where the skill is allowed to spawn subprocesses or access the network.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
A cron explainer/auditor does not need package-management capability during normal operation, so invoking `subprocess.run(['pip', 'install', 'croniter', '-q'], check=True)` is an unjustified and dangerous expansion of capability. If triggered in a privileged or networked environment, this can fetch untrusted code, alter the runtime environment, and execute installer hooks, turning a parsing utility into a supply-chain execution path.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill advertises 'Zero external API — pure local parsing,' but its code can make outbound dependency retrieval via `pip` when `croniter` is absent. Even if framed as dependency management rather than API usage, this is still external network interaction and code acquisition, which misleads users about the skill's security model and may cause it to be trusted in restricted environments where networkless local execution is required.

VirusTotal

54/54 vendors flagged this skill as clean.
