ClawHub

Cron System Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a cron maintenance assistant, but it gives the agent broad automatic authority to read operational files, change task behavior, retry jobs, and clean issue records without clear user approval.

Review before installing. Use this only if you are comfortable with an agent proactively managing cron/task operations and persistent workspace notes. Prefer requiring confirmation before it changes schedules, timeouts, prompts, task ownership, or removes issue records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill configures HEARTBEAT to run on every incoming message and authorizes automatic remediation based on file contents, which creates an overly broad, implicit trigger surface. In practice this can cause unintended file reads/modifications during ordinary chat, and if message volume or crafted context influences the check path, it increases the risk of unauthorized actions, privacy leakage, or denial-of-service through constant background execution.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill instructs the agent to automatically discover, repair, retry, and notify for timeout failures without any explicit consent boundary or warning about system/data changes. That autonomy is dangerous because it normalizes self-directed configuration changes and task re-execution, which can alter schedules, increase resource consumption, or cause cascading side effects without the user's awareness at the time of action.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The conflict-resolution section permits immediate repair by updating task prompts or reallocating responsibilities, effectively authorizing autonomous modification of system behavior. Even if intended for maintenance, this is risky because prompt/task changes can silently change execution semantics, disable safeguards, or introduce new failure modes without review.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal