Back to skill

Security audit

Ecto

Security checks across malware telemetry and agentic risk

Overview

Ecto is a disclosed Ghost Admin API CLI whose powerful site-management actions match its stated purpose, with no evidence of hidden exfiltration, unsafe persistence, or deceptive behavior.

Install only from a source and version you trust, preferably pinned rather than @latest. Treat the Ghost Admin API key as a site-admin secret, protect or rotate it if exposed, and avoid putting real keys in shared terminals, scripts, logs, or screenshots. When using this through an agent, confirm the target site and require explicit approval before publishing, deleting, scheduling, bulk-changing content, uploading images, or creating webhooks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents capabilities that imply access to environment variables and persistent configuration storage, but it does not declare corresponding permissions or warn users about those effects. This creates a transparency and consent problem: a user may invoke the skill without realizing it can read secrets from env vars and write auth/config data to disk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared description narrows the skill to blog post/page/tag/content management, but the documented behavior extends to authentication management, site settings, users, newsletters, webhooks, image upload, and multi-site configuration. That mismatch can mislead users and security reviewers about the real operational scope, increasing the chance of over-privileged use or unintended administrative actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README instructs users to pass an admin API key directly on the command line and later documents environment-variable usage for the same secret, but it does not warn that these methods can expose credentials through shell history, process listings, logs, or copied config examples. Because this tool uses high-privilege Ghost Admin credentials, accidental disclosure could enable full content and site-management actions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation advertises destructive and state-changing commands such as delete, publish, unpublish, and schedule without any safety guidance about irreversible or externally visible effects. In an agent setting, this raises the risk of accidental content deletion, premature publication, or unintended production changes if commands are invoked from natural-language instructions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The authentication section instructs use of Ghost Admin API keys and environment overrides but gives no warning that these are highly sensitive administrative secrets. In practice, users may expose keys through shell history, logs, shared environments, or insecure storage, enabling full administrative compromise of the Ghost instance.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The `user` command prints `user.Email` directly to stdout, exposing personally identifiable information to anyone with terminal access, shell history capture, session logging, or CI/CD logs. In a CLI context, this can unintentionally leak sensitive user data beyond the immediate operator, especially when output is redirected or centrally collected.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.