Marketing Orchestrator Adarsh
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only marketing orchestrator is purpose-aligned, but it delegates work to other skills and may rely on external API credentials, so users should review those downstream components and credential scopes.
Before installing, confirm that you trust the referenced collector and report-generator skills and understand any API keys they require. The orchestrator itself is instruction-only and does not show hidden code, persistence, or destructive behavior in the provided artifacts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The audit result and any downstream data access depend on whichever collector and report-generator skills are installed under those names.
The orchestrator calls separately named skills, but the artifacts do not pin those downstream skills by owner, version, or source. This is expected for an orchestrator, but users should verify the referenced skills.
auditData.instagram = await runSkill('instagram-collector', { handle: input.instagramHandle });Review and trust the Instagram, Meta Ads, SEO, competitor, website-audit, and report-generator skills before using this orchestrator.
Website/domain, Instagram handle, collected marketing data, and raw audit data may be shared with multiple downstream skills.
The skill intentionally passes work and aggregated audit data between multiple agents/subprocesses. This is purpose-aligned, but the artifacts do not define identity, permission, or data-boundary details for those downstream calls.
Each runSkill call corresponds to invoking another skill as a sub-agent or subprocess.
Use this only with downstream skills you trust, and avoid providing domains or handles if the resulting raw audit data should not be shared across those skills.
If downstream collectors use API keys, they may access third-party marketing or analytics services under the user's authority.
The skill does not declare required credentials, but it acknowledges that external-service API keys or environment variables may be involved through the framework or downstream collectors. This is expected for marketing data collection, but credential scope is not specified here.
The calling framework should handle API keys, env vars for external services.
Use least-privilege API keys where possible and confirm which downstream services and permissions are required before running the audit.