Trust Assessment
cron-backup received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 6 critical, 3 high, 1 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Persistence mechanism: Crontab modification, Command Injection in backup-versioned.sh via VERSION_SOURCE.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings10
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/zfanmy/cron-backup/scripts/setup-cron.sh:76 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/zfanmy/cron-backup/scripts/setup-cron.sh:78 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/zfanmy/cron-backup/scripts/setup-cron.sh:83 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/zfanmy/cron-backup/scripts/setup-cron.sh:87 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/zfanmy/cron-backup/scripts/setup-cron.sh:88 | |
| CRITICAL | Persistent Command Injection in setup-cron.sh via Crontab Entry The `setup-cron.sh` script constructs a cron entry (`CRON_ENTRY`) using several user-controlled variables, including `SCHEDULE` (`$4`) and components of `CMD` (derived from `$2`, `$3`, `$5`). This `CRON_ENTRY` is then directly added to the user's crontab using `crontab -`. An attacker can inject arbitrary shell commands into `SCHEDULE` (e.g., `* * * * *; malicious_command`) or into `SOURCE_DIR`/`BACKUP_DIR` arguments passed to `CMD`, leading to persistent execution of malicious commands with the privileges of the user who set up the cron job. All user-provided inputs (`SCHEDULE`, `SOURCE_DIR`, `BACKUP_DIR`, `EXTRA_ARGS`) must be strictly validated and sanitized before being used in the cron entry. For `SCHEDULE`, validate against a strict cron format regex. For paths, ensure they are valid and do not contain shell metacharacters. Consider using a safer method to add cron jobs that escapes special characters, or explicitly pass arguments to the target script using `bash -c` with proper quoting. | LLM | scripts/setup-cron.sh:60 | |
| HIGH | Persistence mechanism: Crontab modification Detected Crontab modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/zfanmy/cron-backup/scripts/setup-cron.sh:83 | |
| HIGH | Command Injection in backup-versioned.sh via VERSION_SOURCE The `backup-versioned.sh` script uses `eval "$VERSION_SOURCE"` on line 30. The `VERSION_SOURCE` variable (`$2`) is directly controlled by user input. An attacker can inject arbitrary shell commands into `VERSION_SOURCE`, which will be executed with the privileges of the user running the script. Avoid using `eval` with untrusted input. If a command needs to be executed, use a safer method like `bash -c` with proper quoting, or explicitly check if the input is a valid command name before execution. For version files, ensure the path is validated. | LLM | scripts/backup-versioned.sh:30 | |
| HIGH | Arbitrary File Write/Command Injection via Log Redirection in setup-cron.sh The `setup-cron.sh` script uses `>> $BACKUP_DIR/.backup.log` to redirect output. The `BACKUP_DIR` variable (`$3`) is user-controlled. An attacker can manipulate `BACKUP_DIR` to include shell metacharacters (e.g., `"/tmp/foo; malicious_command #"`) or path traversal sequences (e.g., `"/etc/../tmp/sensitive_file"`) to redirect the cron job's output to an arbitrary file, potentially overwriting sensitive system files or injecting commands. Validate `BACKUP_DIR` to ensure it is a safe, absolute path without shell metacharacters or path traversal sequences. Ensure the log file is written to a controlled, non-sensitive location. | LLM | scripts/setup-cron.sh:60 | |
| MEDIUM | Data Exfiltration in list-backups.sh via BACKUP_DIR The `list-backups.sh` script takes `BACKUP_DIR` (`$1`) as user input and uses it in commands like `ls -lh "$BACKUP_DIR"/*.tar.gz`, `du -sh "$BACKUP_DIR"`, `cat "$BACKUP_DIR/.version_record"`, and `tail -n 5 "$BACKUP_DIR/.backup.log"`. An attacker can provide a path to a sensitive directory (e.g., `/etc`, `/root`) as `BACKUP_DIR`, causing the script to list its contents, report its size, and attempt to read `.version_record` or `.backup.log` files within it, potentially exposing sensitive information. Validate `BACKUP_DIR` to ensure it points only to designated backup directories and does not allow path traversal or access to arbitrary system paths. Implement strict path validation, e.g., checking if the path is a subdirectory of an allowed base backup path. | LLM | scripts/list-backups.sh:20 |
Scan History
Embed Code
[](https://skillshield.io/report/d33338f7df6398e2)
Powered by SkillShield