ecap Security Auditor

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.exposed_secret_literal, suspicious.prompt_injection_instructions

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can read the package may be able to act as that registry agent and submit or manipulate trust-registry data.

Why it was flagged

The documentation includes an apparent bearer credential in runnable POST examples instead of a placeholder.

Skill content
-H "Authorization: Bearer ecap_2c909be35dfa..."
Recommendation

Revoke and rotate the token, remove it from examples and repository history, and require users to register and store their own credentials securely.

What this means

A false registry report could cause the agent to block a legitimate package or mislead users about package safety.

Why it was flagged

The skill's automatic gate uses registry findings and trust scores, so unreviewed bogus findings can cascade into install warnings, blocks, or trust-score damage.

Skill content
Successfully submitted a fake critical finding ... API accepted it without any verification ... Findings are immediately active (`status: reported`).
Recommendation

Do not automatically block on unreviewed findings; require review/reputation controls, signed evidence, or explicit user confirmation before gate decisions affect installs.

What this means

The agent may contact external services and interrupt installs even when the user did not explicitly ask for this specific check.

Why it was flagged

The skill instructs broad automatic tool use and install blocking across package ecosystems, with limited per-action user control in the documented flow.

Skill content
Every time you install or use a package, run this check automatically ... `pip install <package>` / `npm install <package>` ... Score < 40 | 🔴 Block
Recommendation

Require user approval for automatic audits and any blocking decision, and document clear behavior for API failures, unknown packages, and disputed findings.

What this means

A manipulated verification endpoint could make tampered files appear trusted.

Why it was flagged

The artifact's own adversarial report says the integrity verifier can be redirected to a controlled API endpoint, weakening the provenance check.

Skill content
`verify.sh` accepts an arbitrary second argument as API URL ... bypassing integrity verification entirely.
Recommendation

Hardcode or allowlist trusted integrity endpoints, validate URLs, and prefer signed integrity metadata over unsigned remote responses.

Findings (2)

Severity
critical

suspicious.exposed_secret_literal

Location
API-RESPONSES.md:199
Finding
File appears to expose a hardcoded API secret or token.
Severity
warn

suspicious.prompt_injection_instructions

Location
prompts/audit-prompt.md:62
Finding
Prompt-injection style instruction pattern detected.