ecap-security-auditor
Trust Score: 55.8
Trust Tier: 0
Badge: danger
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 40.0 | 15% |
| Clickfix | 65.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 5.0 | 10% |
| Infrastructure | 100.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[CRITICAL] Remote code download and execution via curl pipe
(line 472)
| **Critical** | Exploitable now, immediate damage. | `curl URL \| bash`, `rm -rf /`, env var exfiltration, `eval` on ra
[HIGH] Prompt injection or system override attempt
(line 321)
| `AI_PROMPT_002` | Agent Impersonation | "pretend to be", "you are now", "act as an Anthropic employee" |
[HIGH] Prompt injection or system override attempt
(line 337)
Check for code that establishes persistence on the host system:
[HIGH] Shell command execution
(line 91)
> **Note:** By-design findings (e.g., `exec()` in agent frameworks) are displayed for transparency but do not affect the
[HIGH] Shell command execution
(line 192)
> **By-design findings** are patterns that are core to the package's documented purpose (e.g., `exec()` in an agent fram
[HIGH] Shell command execution
(line 267)
- `subprocess`, `os.system`, `eval`, `exec`, `compile` usage
[HIGH] Shell command execution
(line 428)
-d '{"fix_description": "Replaced exec() with execFile()", "commit_url": "https://..."}'
[HIGH] Shell command execution
(line 446)
"description": "User input is passed directly to child_process.exec() without sanitization",
[HIGH] Shell command execution
(line 449)
"content": "exec(`npm install ${userInput}`)",
[CRITICAL] Remote script download piped to shell execution
(line 472)
| **Critical** | Exploitable now, immediate damage. | `curl URL \| bash`, `rm -rf /`, env var exfiltration, `eval` on ra
[MEDIUM] Cron job installation or modification
(line 341)
| `PERSIST_001` | Crontab modification | `crontab -e`, `crontab -l`, writing to `/var/spool/cron/` |
[MEDIUM] Cron job installation or modification
(line 493)
| `PERSIST` | Persistence mechanisms: crontab, RC files, git hooks, systemd *(v2)* |
[MEDIUM] Cron job installation or modification
(line 637)
- **Persistence Detection (6 patterns):** New `PERSIST_*` category for crontab, shell RC files, git hooks, systemd servi
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 40
[HIGH] Fake developer/admin mode activation
(line 322)
| `AI_PROMPT_003` | Capability Escalation | "enable developer mode", "unlock hidden capabilities", "activate god mode" |
[HIGH] Content contains alarming words not in description: jailbreak
CLICKFIX — Score: 65
[CRITICAL] Instructs user to disable security features
(line 326)
| `AI_PROMPT_007` | Trust Boundary Violation | "skip all validation", "disable security", "ignore safety checks" |
INFRASTRUCTURE — Score: 100
No findings.
TWOSTAGE — Score: 5
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 472)
| **Critical** | Exploitable now, immediate damage. | `curl URL \| bash`, `rm -rf /`, env var exfiltration, `eval` on ra
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.