ClawHub

cronlint

Security checks across malware telemetry and agentic risk

Overview

CronLint is a local cron-code scanner, but its license handling and optional git-hook installer create risks users should review before installing.

Install only if you are comfortable with a local scanner reading the target repository. Use explicit paths, avoid passing license keys on the command line, do not use untrusted license tokens, and only run hook install in repositories where persistent commit/push scanning is desired.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

High
Confidence
94% confidence
Finding
This code writes to repository configuration by creating or appending to lefthook.yml, which is a persistent side effect outside the analyzer's core scanning purpose. Although user-invoked, modifying repo hook configuration can alter developer workflows, introduce unexpected execution paths on future commits, and increase supply-chain risk if the referenced skill path later changes or is replaced.

Context-Inappropriate Capability

High
Confidence
91% confidence
Finding
This uninstall path rewrites repository hook configuration using broad text processing, which can remove or corrupt unrelated configuration if patterns match unexpectedly. Because it edits project files directly, a malformed or surprising rewrite can disrupt repo security controls or developer tooling and is more dangerous than a read-only analyzer operation.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This file implements a full license enforcement and JWT parsing subsystem that is materially unrelated to the declared purpose of a cron anti-pattern analyzer. Even if not overtly malicious, this expands the skill’s privilege surface by introducing secret access, token handling, and gating logic that users would not expect from a static analyzer, creating unnecessary trust and supply-chain risk.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script reads a license key from both an environment variable and a local config file under the user’s home directory, despite the skill’s stated role not requiring access to local secrets or account material. In agent ecosystems, unjustified secret/config access is risky because it normalizes credential collection and could expose sensitive values through logs, subprocesses, crashes, or future code changes.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The parser later splits each pattern entry on the '|' delimiter with `IFS='|' read -r ...`, so any unescaped pipe characters embedded inside the regex field will corrupt field parsing and cause the regex, severity, check ID, description, or recommendation to be misassigned. In a security analyzer, this can silently disable checks or mislabel findings, reducing detection accuracy and trustworthiness of scan results.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation phrases are very broad and overlap with common user requests about cron jobs, audits, health reports, and scheduling quality. In an agentic environment, this raises the risk of unintended auto-activation on loosely related prompts, causing unexpected scanning, local file traversal, or execution of ancillary commands beyond what the user explicitly intended.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Passing a license key via command line and exporting it to the environment risks credential exposure through shell history, process listings, crash logs, and child processes. In a CLI tool this is a real secret-handling weakness, especially since the script encourages direct use of --license-key without warning users of the exposure tradeoff.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal