Claude Skills Ad Creative

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent ad-copy assistant with a local validation helper and no evidence of hidden, destructive, persistent, or data-exfiltrating behavior.

Install if you want help drafting and checking ad copy. Review platform rules independently before launching campaigns, and be aware the local validator only reads provided copy and applies heuristic checks; it is not a substitute for legal, medical, financial, or platform compliance review.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 98% confidence
Finding: This is a mismatch because the declared purpose presents the skill as pure creative production for writing or generating ad copy, explicitly distinguishing it from other functions. The actual code does not generate, iterate, or scale ad creative; it audits provided copy for compliance-like issues and character limits across ad platforms, then reports scores and pass/fail results. While the description briefly mentions 'ad copy validation' as a possible use case, the code's primary behavior is validation only, not creative production, so the description does not accurately represent what the code actually does.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal