Back to skill

Security audit

Cron Backup

Security checks across malware telemetry and agentic risk

Overview

This is a real backup automation skill, but it needs review because it can create persistent cron jobs from unsafe inputs and can execute user-supplied shell text.

Install only if you deliberately want local cron-based backup automation and are comfortable reviewing shell scripts. Use trusted absolute paths, avoid command-string version sources, inspect the generated crontab line before relying on it, and test cleanup on a dedicated backup directory because old backups can be permanently deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script executes caller-controlled input with `eval` to determine the version string, which allows arbitrary shell command execution in the script's privilege context. In a backup automation skill, this is more dangerous because the script is likely to be run unattended via cron and often with elevated filesystem access, turning a version check into a general code-execution primitive.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The logic suggests safe handling of a 'command', but it actually tests `command -v` on the entire input string and then falls back to `eval` for anything more complex. This mismatch is dangerous because users may believe they are supplying a harmless version command while the script interprets arbitrary shell syntax.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation explicitly promotes automated cleanup that deletes old backups, but it does not clearly warn users that backup retention settings can permanently remove recovery points. In a backup-focused skill, unsafe or poorly understood deletion behavior is particularly risky because users may assume backups are always recoverable and may misconfigure retention, leading to irreversible data loss.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Running user-supplied shell code without any warning, confirmation, or trust boundary disclosure creates a significant safety issue, especially in an automation-oriented backup script. Because this skill is intended for scheduled use, unsafe command execution may be embedded into cron jobs and triggered repeatedly without user review.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The cleanup job sets up automated deletion of backups via cleanup.sh using a retention value, but the script does not present an explicit destructive-action warning or confirmation before persisting the cron job. In a backup automation skill, silent scheduled deletion is risky because a user mistake in the target path or retention value can lead to recurring data loss.

Session Persistence

Medium
Category
Rogue Agent
Content
exit 1
fi

# Add to crontab
(crontab -l 2>/dev/null || echo "") | grep -v "$CRON_TAG" | { cat; echo "$CRON_ENTRY"; } | crontab -

echo "✓ Cron job added successfully"
Confidence
92% confidence
Finding
crontab (crontab -l 2>/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.