EctoClaw
Security checks across malware telemetry and agentic risk
Overview
EctoClaw is a coherent audit-ledger skill, but it intentionally sends and stores sensitive agent activity on a configured server.
Install only if you want an audit ledger for agent activity. Keep ECTOCLAW_URL on localhost or infrastructure you control, protect the server with authentication if exposed, review policy changes before saving them, and treat all logged prompts, tool outputs, and memory data as sensitive retained records.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.