ecap Security Auditor

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: ecap-security-auditor
Version: 2.0.0

The OpenClaw AgentSkills skill bundle 'ecap-security-auditor' is designed to perform security audits of other packages. It queries an external Trust Registry (skillaudit-api.vercel.app), performs integrity checks, and auto-audits target packages by reading every file in them. The `SKILL.md` and `prompts/audit-prompt.md` instruct the AI agent to *detect* malicious behaviors (command injection, data exfiltration, persistence, prompt injection, obfuscation) rather than to *perform* them. The included scripts (`register.sh`, `upload.sh`, `verify.sh`) are described as robust, employing practices such as URL encoding, JSON validation, and secure file permissions. The skill requires broad permissions (shell execution, network access, file system access), but these are directly aligned with its stated purpose as a security auditing tool. The documentation includes a 'Security Considerations' section that explicitly warns about potential attack vectors, which reflects a defensive security posture.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can read the package may be able to act as that registry agent and submit or manipulate trust-registry data.

Why it was flagged

The documentation includes an apparent bearer credential in runnable POST examples instead of a placeholder.

Skill content
-H "Authorization: Bearer ecap_2c909be35dfa..."
Recommendation

Revoke and rotate the token, remove it from examples and repository history, and require users to register and store their own credentials securely.
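As an added example (not code from the skill or its scripts), here is a small scanner that flags literal bearer credentials in `curl` examples while accepting placeholder forms such as `$ECAP_TOKEN` or `<YOUR_TOKEN>`. It runs over a constructed README fragment: the token body, the `/findings` path and the placeholder vocabulary are made up for illustration, and the heuristics (vendor-style `prefix_body` tokens, then a length-plus-entropy fallback) are an assumption about what real tokens look like, not the registry's token format.

```python
import math
import re
from typing import List, Tuple

# Constructed sample README fragment. The first curl line embeds a fake literal
# token; the later lines use placeholder forms that must not be flagged.
SAMPLE_DOC = """\
## Register a finding (constructed example; the token below is fake)
curl -X POST https://skillaudit-api.vercel.app/findings -H "Authorization: Bearer ecap_0123456789abcdef0123456789abcdef"

## Placeholder forms that should pass
curl -X POST https://skillaudit-api.vercel.app/findings -H "Authorization: Bearer $ECAP_TOKEN"
curl -X POST https://skillaudit-api.vercel.app/findings -H "Authorization: Bearer <YOUR_TOKEN>"
"""

# Captures whatever follows "Bearer " up to whitespace or a quote.
BEARER_RE = re.compile(r'Authorization:\s*Bearer\s+(?P<tok>[^\s"\']+)', re.IGNORECASE)
# Assumed vendor-style token shape: short lowercase prefix, underscore, long alphanumeric body.
PREFIXED_TOKEN_RE = re.compile(r'[a-z]{2,10}_[A-Za-z0-9]{16,}')
PLACEHOLDER_WORDS = {"TOKEN", "YOUR_TOKEN", "API_TOKEN", "REDACTED", "XXX"}


def is_placeholder(tok: str) -> bool:
    """Shell variables, <angle> placeholders and obvious stand-in words are fine."""
    if tok.startswith("$") or (tok.startswith("<") and tok.endswith(">")):
        return True
    return tok.upper().strip("{}") in PLACEHOLDER_WORDS


def shannon_entropy(s: str) -> float:
    """Bits per character; random token bodies score well above English words."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def looks_like_real_secret(tok: str) -> bool:
    if PREFIXED_TOKEN_RE.fullmatch(tok):
        return True
    # Fallback for unprefixed tokens: long and high-entropy.
    return len(tok) >= 20 and shannon_entropy(tok) > 3.0


def redact(tok: str) -> str:
    """Never echo the full credential into a report; keep enough to locate it."""
    return tok[:10] + "..."


def find_leaked_bearer_tokens(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, redacted_token) for every literal bearer credential."""
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in BEARER_RE.finditer(line):
            tok = m.group("tok")
            if not is_placeholder(tok) and looks_like_real_secret(tok):
                hits.append((lineno, redact(tok)))
    return hits


if __name__ == "__main__":
    for lineno, tok in find_leaked_bearer_tokens(SAMPLE_DOC):
        print(f"line {lineno}: literal bearer token {tok}; revoke, rotate, replace with a placeholder")
```

Run it over the package's `SKILL.md` and prompt files before trusting the documented registry flow; a hit means the token is already compromised regardless of how the rest of the package behaves, so rotation comes before any cleanup of the examples.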

Concern (Medium Confidence)
ASI08: Cascading Failures
What this means

A false registry report could cause the agent to block a legitimate package or mislead users about package safety.

Why it was flagged

The skill's automatic gate uses registry findings and trust scores, so unreviewed bogus findings can cascade into install warnings, blocks, or trust-score damage.

Skill content
Successfully submitted a fake critical finding ... API accepted it without any verification ... Findings are immediately active (`status: reported`).
Recommendation

Do not automatically block on unreviewed findings; require review/reputation controls, signed evidence, or explicit user confirmation before gate decisions affect installs.

What this means

The agent may contact external services and interrupt installs even when the user did not explicitly ask for this specific check.

Why it was flagged

The skill instructs broad automatic tool use and install blocking across package ecosystems, with limited per-action user control in the documented flow.

Skill content
Every time you install or use a package, run this check automatically ... `pip install <package>` / `npm install <package>` ... Score < 40 | 🔴 Block
Recommendation

Require user approval for automatic audits and any blocking decision, and document clear behavior for API failures, unknown packages, and disputed findings.
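The two findings above (unreviewed findings cascading into blocks, and automatic blocking with no per-action control) call for the same fix, so one added example covers both. It is not code from the skill: it models the quoted rule (`Score < 40 | Block`, findings live with `status: reported`) as `naive_gate`, then a `hardened_gate` in which only reviewed, signed evidence can stop an install, a low trust score is advisory unless reviewed findings back it, a registry outage or unknown package degrades to a warning rather than a block, and a hard block still needs the user's prior approval. The `Finding`/`RegistryResponse` shapes, the `reviewed`/`disputed` statuses and the `hard_block_preapproved` flag are assumptions for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"       # proceed silently
    WARN = "warn"         # proceed, but show the user what the registry said
    CONFIRM = "confirm"   # pause and ask the user before installing
    BLOCK = "block"       # refuse the install


@dataclass
class Finding:
    severity: str         # "critical" | "high" | "medium" | "low"
    status: str           # "reported" (unreviewed) | "reviewed" | "disputed"  (assumed values)
    signed: bool = False  # evidence carries a signature the agent has verified


@dataclass
class RegistryResponse:
    known: bool                        # False when the registry has never seen the package
    trust_score: Optional[int] = None
    findings: List[Finding] = field(default_factory=list)


def naive_gate(resp: RegistryResponse) -> Decision:
    """The documented rule: a critical finding or a score below 40 blocks the install."""
    if any(f.severity == "critical" for f in resp.findings):
        return Decision.BLOCK
    if resp.trust_score is not None and resp.trust_score < 40:
        return Decision.BLOCK
    return Decision.ALLOW


def hardened_gate(resp: Optional[RegistryResponse],
                  hard_block_preapproved: bool = False) -> Tuple[Decision, str]:
    """Only reviewed, signed evidence can stop an install; everything else is advisory."""
    if resp is None:
        return Decision.WARN, "registry unreachable; install proceeds without a verdict"
    if not resp.known:
        return Decision.WARN, "package unknown to registry; absence of data is not evidence"

    reviewed = [f for f in resp.findings if f.status == "reviewed" and f.signed]
    unreviewed = [f for f in resp.findings if f.status == "reported"]
    disputed = [f for f in resp.findings if f.status == "disputed"]

    if any(f.severity == "critical" for f in reviewed):
        if hard_block_preapproved:
            return Decision.BLOCK, "reviewed, signed critical finding; user pre-approved hard blocks"
        return Decision.CONFIRM, "reviewed, signed critical finding; user must confirm"

    # A low score is only actionable when reviewed findings back it; otherwise it
    # may simply have been dragged down by bogus, unverified submissions.
    if resp.trust_score is not None and resp.trust_score < 40:
        if reviewed:
            return Decision.CONFIRM, f"trust score {resp.trust_score} backed by reviewed findings"
        return Decision.WARN, f"trust score {resp.trust_score} not backed by reviewed findings"

    if unreviewed:
        return Decision.WARN, f"{len(unreviewed)} unreviewed finding(s); shown, not enforced"
    if disputed:
        return Decision.WARN, f"{len(disputed)} disputed finding(s); ignored for gating"
    return Decision.ALLOW, "no actionable findings"


# Constructed scenario from the adversarial report: one fake critical finding,
# accepted without verification and immediately active, dragging the score down.
FAKE_CRITICAL = RegistryResponse(known=True, trust_score=12,
                                 findings=[Finding("critical", "reported")])

if __name__ == "__main__":
    print("naive   :", naive_gate(FAKE_CRITICAL).value)
    print("hardened:", *hardened_gate(FAKE_CRITICAL))
```

Under the naive rule the single unverified submission blocks the install outright; under the hardened gate it surfaces as a warning the user can act on, and a block can only follow from evidence someone reviewed and signed, with the user's consent on record. Whether the automatic audit runs at all should be a separate opt-in decided before any registry call is made.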

What this means

A manipulated verification endpoint could make tampered files appear trusted.

Why it was flagged

The artifact's own adversarial report says the integrity verifier can be redirected to a controlled API endpoint, weakening the provenance check.

Skill content
`verify.sh` accepts an arbitrary second argument as API URL ... bypassing integrity verification entirely.
Recommendation

Hardcode or allowlist trusted integrity endpoints, validate URLs, and prefer signed integrity metadata over unsigned remote responses.
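An added example of the allowlist check the recommendation describes, written in Python for illustration rather than taken from `verify.sh` (the equivalent belongs in the script itself before any `curl` call). The only facts taken from the page are the registry host; the default base, the HTTPS-only rule, the rejection of userinfo, non-443 ports and path/query overrides are the hardening choices shown here. The userinfo case matters because `https://skillaudit-api.vercel.app@evil.example/` passes a naive substring check while actually connecting to `evil.example`.

```python
import sys
from typing import Optional
from urllib.parse import urlsplit

# Assumed defaults for illustration: the registry host the page names, HTTPS only.
DEFAULT_API_BASE = "https://skillaudit-api.vercel.app"
ALLOWED_HOSTS = frozenset({"skillaudit-api.vercel.app"})


def resolve_api_base(override: Optional[str]) -> str:
    """Return a normalised API base, or raise ValueError for anything not allowlisted."""
    if not override:
        return DEFAULT_API_BASE
    parts = urlsplit(override.strip())
    if parts.scheme != "https":
        raise ValueError(f"scheme must be https: {override!r}")
    # 'https://skillaudit-api.vercel.app@evil.example/' parses with a userinfo
    # component and a hostname of evil.example; reject userinfo outright.
    if parts.username is not None or parts.password is not None:
        raise ValueError(f"userinfo not allowed: {override!r}")
    host = parts.hostname  # lowercased, no port, no userinfo
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host {host!r} not in allowlist")
    try:
        port = parts.port
    except ValueError as exc:
        raise ValueError(f"bad port in {override!r}") from exc
    if port not in (None, 443):
        raise ValueError(f"port {port} not allowed")
    # No path, query or fragment overrides: the endpoint layout is fixed by the client.
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"path/query/fragment overrides not allowed: {override!r}")
    return f"https://{host}"


def is_trusted_api_url(candidate: Optional[str]) -> bool:
    try:
        resolve_api_base(candidate)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Mirrors a verifier that takes an optional second argument as the API URL.
    arg = sys.argv[1] if len(sys.argv) > 1 else None
    try:
        print("using", resolve_api_base(arg))
    except ValueError as err:
        print("refusing API override:", err, file=sys.stderr)
        sys.exit(2)
```

Even with the endpoint pinned, an unsigned JSON answer from the registry is still just an assertion; the stronger position is to ship signed integrity metadata with the package or the client and treat the remote response as a hint to be checked against it, not as the source of truth.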