Cron Doctor

Security checks across malware telemetry and agentic risk

Overview

Cron Doctor is a disclosed troubleshooting skill for inspecting cron jobs and producing local health reports, with no evidence of hidden execution or data exfiltration.

Install this only if you want an agent to inspect cron configuration and logs on the current machine. Review sudo commands before approving them, and treat generated reports as sensitive because they may contain job names, paths, errors, and backup or security workflow details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill advertises very broad trigger phrases such as 'job health check', 'cron diagnosis', and 'backup failed', which can cause the agent to activate in contexts where the user did not explicitly request this skill. Unintended activation is risky here because the skill includes privileged and system-inspection commands, increasing the chance of unnecessary exposure of cron configuration and logs.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs the agent to write a report to ~/workspace/reports/cron-health-YYYY-MM-DD.md without warning the user or requesting consent. Silent file creation modifies the workspace and may leak operational details such as job names, failures, and system health into persistent storage the user did not intend to create.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal