Cron Scheduler

Security checks across malware telemetry and agentic risk

Overview

This cron-management skill is functional and mostly disclosed, but it can create persistent scheduled commands, delete cron entries, and run sudo service-control actions without enough guardrails.

Install only if you intentionally want an agent-assisted tool that can change your crontab. Review every schedule, command, removal line number, and pattern before running it; make a backup first; and approve sudo service actions only when you knowingly want to affect the whole machine's cron daemon.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (19)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill exceeds its stated purpose of managing user cron entries by also starting, stopping, and querying the cron system service with sudo. That broadens the trust boundary from per-user task management to privileged system administration, which is dangerous in an agent context because a natural-language request about cron jobs could trigger system-wide service changes.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: These privileged launchctl/systemctl operations are not necessary for the minimum capability of editing a user's crontab. In an automation setting, unnecessary privileged actions increase blast radius and make prompt-induced misuse more severe, even if the commands themselves are legitimate admin operations.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrase "cron" is extremely broad and likely to match ordinary discussion about cron rather than an explicit request to invoke this skill. In an agent environment, overly broad activation can cause unintended execution of actions that modify scheduled tasks or system state, especially given this skill can add/remove jobs and control the cron service.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The phrases "schedule task" and "recurring task" are ambiguous and common in everyday language, so they may activate the skill when a user is speaking generally rather than asking to manipulate cron. Because the skill performs persistent system changes, accidental invocation could lead to unintended cron entries, removals, or service operations.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: remove_job rewrites the user's entire crontab immediately, without a preview or confirmation prompt. In an agent workflow, a mistaken line number, broad pattern, or adversarial prompt could silently delete scheduled jobs and disrupt persistence, backups, or operational tasks.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The service-management path invokes privileged system commands without a prior warning that it may prompt for sudo and affect the entire host. In an agent setting, lack of disclosure materially increases the risk of unintended system changes or social-engineering-assisted approval of privileged operations.

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: macos) case "$action" in start) sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.cron.plist 2>/dev/null || \ log_error "Need sudo to start cron" ;; stop)
Confidence: 93% confidence
Finding: sudo

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: log_error "Need sudo to start cron" ;; stop) sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.cron.plist 2>/dev/null || \ log_error "Need sudo to stop cron" ;; status)
Confidence: 93% confidence
Finding: sudo

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: log_error "Need sudo to stop cron" ;; status) if sudo launchctl list | grep -q com.apple.cron; then log_success "Cron service is running" else log_warn "Cron service is not running"
Confidence: 88% confidence
Finding: sudo

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: linux) case "$action" in start) sudo systemctl start cron 2>/dev/null || sudo systemctl start crond 2>/dev/null || \ log_error "Failed to start cron service" ;; stop)
Confidence: 94% confidence
Finding: sudo

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: linux) case "$action" in start) sudo systemctl start cron 2>/dev/null || sudo systemctl start crond 2>/dev/null || \ log_error "Failed to start cron service" ;; stop)
Confidence: 94% confidence
Finding: sudo

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: log_error "Failed to start cron service" ;; stop) sudo systemctl stop cron 2>/dev/null || sudo systemctl stop crond 2>/dev/null || \ log_error "Failed to stop cron service" ;; status)
Confidence: 94% confidence
Finding: sudo

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: log_error "Failed to start cron service" ;; stop) sudo systemctl stop cron 2>/dev/null || sudo systemctl stop crond 2>/dev/null || \ log_error "Failed to stop cron service" ;; status)
Confidence: 94% confidence
Finding: sudo

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: log_error "Failed to stop cron service" ;; status) if sudo systemctl is-active cron &>/dev/null || sudo systemctl is-active crond &>/dev/null; then log_success "Cron service is running" else log_warn "Cron service is not running"
Confidence: 86% confidence
Finding: sudo

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: log_error "Failed to stop cron service" ;; status) if sudo systemctl is-active cron &>/dev/null || sudo systemctl is-active crond &>/dev/null; then log_success "Cron service is running" else log_warn "Cron service is not running"
Confidence: 86% confidence
Finding: sudo

Session Persistence

Medium

Category: Rogue Agent
Content: local temp_file temp_file=$(mktemp) # Preserve existing crontab crontab -l 2>/dev/null >> "$temp_file" || true # Add new job
Confidence: 90% confidence
Finding: crontab crontab -l 2>/

Session Persistence

Medium

Category: Rogue Agent
Content: temp_file=$(mktemp) # Get current crontab local current_crontab current_crontab=$(crontab -l 2>/dev/null) || true if [[ -z "$current_crontab" ]]; then
Confidence: 85% confidence
Finding: crontab current_crontab=$(crontab -l 2>/

Session Persistence

Medium

Category: Rogue Agent
Content: macos) case "$action" in start) sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.cron.plist 2>/dev/null || \ log_error "Need sudo to start cron" ;; stop)
Confidence: 87% confidence
Finding: launchctl load

Session Persistence

Medium

Category: Rogue Agent
Content: macos) case "$action" in start) sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.cron.plist 2>/dev/null || \ log_error "Need sudo to start cron" ;; stop)
Confidence: 87% confidence
Finding: plist

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal