cron-creator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The Quick Install instructions contain a piped remote execution pattern:
bash -c "$(curl -sL https://raw.githubusercontent.com/digitaladaption/cron-creator/main/install.sh)". This executes a remote shell script from an untrusted GitHub repository directly on the host machine without verification. - [EXTERNAL_DOWNLOADS] (HIGH): The manual installation instructions recommend
git clonefromgithub.com/digitaladaption, which is not a trusted organization per the [TRUST-SCOPE-RULE]. This involves downloading and running unverified code from an external source. - [COMMAND_EXECUTION] (HIGH): The skill documentation states that it configures
tools.exec.host=gatewayand executesclawdbot gateway restart. This modification of the execution context grants the skill broad permissions to execute commands on the gateway host, which could lead to privilege escalation. - [PROMPT_INJECTION] (LOW): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it converts natural language input directly into system commands (
clawdbot cron add). - Ingestion points: User chat messages (e.g., "Remind me to...") provided in
SKILL.md. - Boundary markers: Absent; there are no delimiters or 'ignore' warnings for the natural language parser.
- Capability inventory: The skill uses
scripts/cron_creator.pyto generate and likely execute CLI commands, and can restart the system gateway. - Sanitization: Absent; the documentation does not describe any escaping or validation logic for the input strings used in the cron command generation.
Recommendations
- AI detected serious security threats
Audit Metadata