ClawHub

Google ads for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This Google Ads skill is aligned with its stated purpose, but users should be careful because it uses local ad-account credentials and may select the first accessible account by default.

Install only if you intend to let this skill use your Google Ads API credentials. Use a dedicated least-privilege credential where possible, protect ~/.google-ads.yaml, verify which customer account is selected, and require explicit confirmation before any budget or campaign-status change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill describes behavior that can create or modify a configuration file (`~/.google-ads.yaml`), which is a file-write capability, but it does not declare permissions or clearly constrain that behavior. Undeclared write access is dangerous because an agent may alter user environment or credential material without explicit authorization or audit visibility.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose is Google Ads management, but the detected behavior includes creating a credential/config template in the user's home directory, which is not disclosed as a primary capability. This mismatch is dangerous because hidden setup-side effects can lead to unauthorized file creation, accidental credential exposure, or social-engineering users into populating sensitive secrets in an unexpected location.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The tool automatically loads Google Ads credentials from the default local configuration and then enumerates accessible customers without any explicit user confirmation or disclosure. In an agent-skill context, this increases the chance of using sensitive local credentials implicitly, potentially exposing account metadata or enabling unintended actions against the wrong Google Ads account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal