Skill v1.0.0
ClawScan security
paid-ads · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 3:24 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is mostly an advisory paid-ads playbook with a benign local ROAS calculator, but it claims direct access to ad platform accounts while requesting no credentials or connectors — an incoherence you should understand before installing or trusting it to act on accounts.
- Guidance: This skill looks like a detailed paid-ads playbook plus a harmless local ROAS calculator, not a connector that will manage your ad accounts. Before installing or using it, consider: (1) If you expect the skill to perform automated actions in Google Ads, Meta, LinkedIn, etc., verify how it will obtain credentials; the skill declares none. (2) The SKILL.md will read a local file named .claude/product-marketing-context.md if present, so don't place secrets or account tokens in that file unless you trust the skill. (3) Review the included scripts/roas_calculator.py (it's local and appears benign) and ensure you are comfortable with the author/publisher; the source/homepage is unknown. (4) If you want automatic account access, prefer skills that explicitly declare required env vars or official connectors and have a clear auth flow; ask the publisher to clarify how authentication is handled and why no credentials are required if they truly intend to access ad platforms.
Review Dimensions
- Purpose & Capability (concern): The skill description and SKILL.md repeatedly state the agent has 'direct access to ad platform accounts' and covers Google Ads, Meta, LinkedIn, Twitter/X, etc., which implies API/credential use. However, the skill declares no required environment variables, no credential primaryEnv, and no install steps or connectors; there is also no guidance on how to authenticate to ad platforms. That mismatch between claimed capability (account access / automation) and the actual footprint (instruction-only + a local ROAS script) is an incoherence.
- Instruction Scope (note): The instructions are detailed and limited to marketing tasks: gathering campaign goals, creative, targeting, and optimization. They instruct the agent to read a workspace file (.claude/product-marketing-context.md) if it exists, a local context read that is plausible for this skill but not listed in requires.config. The SKILL.md does not instruct the agent to read unrelated system files or to exfiltrate data to external endpoints.
- Install Mechanism (ok): No install spec (instruction-only) and the included Python ROAS calculator is a small, self-contained script that reads local JSON or CLI args. No network downloads or package installs are performed by the skill itself.
- Credentials (concern): The skill requests no environment variables or credentials despite describing functionality that would normally require API keys or platform access. This could be an honest design choice (the skill is advisory only), but it's an important inconsistency: if you expect automated account actions, this skill provides no declared mechanism to supply or secure credentials.
- Persistence & Privilege (ok): The skill is user-invocable, not 'always:true', and does not request to modify other skills or system-wide settings. It does not claim persistent or elevated privileges.
