Back to skill

Security audit

Cronjob

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local note logger, but it is advertised as a cron-job manager and could mislead users into thinking real scheduling, backup, restore, or remediation happened.

Review before installing. Use it only as a local cron-related notes/logbook tool, not as a real cron manager, backup tool, restore tool, or remediation tool. Do not enter passwords, API keys, tokens, sensitive host details, or private incident notes unless you are comfortable with them remaining in local plain-text logs and exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill is marketed as managing cron jobs and monitoring failures, but it never interacts with crontab, system schedulers, or execution status; it only stores arbitrary user input in local log files. In an agent setting, this deceptive capability can cause operators or downstream automation to believe scheduling, monitoring, backup, or remediation actions occurred when nothing actually happened, leading to missed jobs, silent failures, and operational exposure.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
Commands such as fix, cleanup, backup, restore, benchmark, and compare imply state-changing operational actions, but they merely append user text to log files. This is dangerous because an agent or user may rely on these commands during incident response or maintenance and assume corrective actions were taken, creating a false sense of remediation and prolonging outages or data-loss conditions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly stores user-provided inputs in persistent plain-text logs and supports exporting them, but the command descriptions do not prominently warn users that anything they type may be retained on disk and copied into export files. In a sysops context, operators may paste secrets, hostnames, incident details, tokens, or internal operational data into these commands, creating a realistic confidentiality risk through local disclosure, backups, or accidental sharing of exported files.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script persistently stores arbitrary user-provided input under ~/.local/share/cronjob across many commands without warning, sanitization, retention policy, or access guidance. In practice, users may paste hostnames, incident notes, credentials, tokens, schedules, or internal operational details, which can then remain on disk indefinitely and be exposed to other local processes, backups, or support collection.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.