Ecto

Security checks across malware telemetry and agentic risk

Overview

Ecto is a disclosed Ghost Admin API command-line tool whose powerful publishing and configuration actions match its stated purpose, with no evidence of hidden exfiltration or unsafe persistence.

Install only from a source you trust, preferably a pinned reviewed version rather than @latest. Treat the Ghost Admin API key as a site-admin secret, protect the local config file, and rotate the key if it is exposed. When using this skill through an agent, require explicit confirmation for publishing, deleting, scheduling, bulk operations, image uploads, and webhook creation, and verify the target Ghost site before running commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill exposes capabilities that imply access to environment variables and local file writing, yet it declares no permissions or trust boundaries. This creates a transparency and consent problem: users may provide or store Ghost admin credentials and local configuration without being warned that sensitive data can be read from the environment or persisted locally.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding: The stated description narrows the skill to managing blog posts, pages, tags, and content, but the documented behavior extends to authentication management, user and newsletter enumeration, webhook management, image upload, and settings/site inspection. This mismatch is dangerous because it can cause users or higher-level agents to grant trust for a limited publishing tool while actually invoking broader administrative operations with greater data exposure and control.

Missing User Warnings

Medium
Confidence: 85%
Finding: The README shows an Admin API key directly in command examples and discusses environment variables for storing the key without clearly warning that the key is a sensitive credential. In agentic or shared-shell contexts, users may paste real secrets into terminal history, logs, screenshots, or automation systems, which could expose full administrative access to the Ghost site.

Missing User Warnings

Medium
Confidence: 80%
Finding: The documentation includes destructive or state-changing actions such as delete, publish, unpublish, schedule, and webhook deletion without any warning about irreversible content changes or operational impact. In an agent-driven context, missing safety cues increases the chance of accidental publication, deletion, or disruption of production content.

Missing User Warnings

Medium
Confidence: 87%
Finding: The authentication instructions tell users to provide Ghost admin API keys and mention environment-variable overrides, but they do not warn that these credentials are highly sensitive and grant administrative control over the site. Without guidance on secure handling, users may expose secrets in shell history, logs, shared environments, or insecure local config files.

VirusTotal

66/66 vendors flagged this skill as clean.
