ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Adspirer Ads Agent

v1.5.0

Adspirer — AI-powered advertising and performance marketing agent. Manage Google Ads, Meta Ads (Facebook & Instagram), LinkedIn Ads, and TikTok Ads via natur...

1· 1.4k·5 current·5 all-time
byAbhilash Mekala@amekala
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (ad campaign management across Google, Meta, LinkedIn, TikTok) matches the instructions: the skill instructs the agent to install an Adspirer plugin and then directly call ad-platform tools to read metrics and create campaigns. No unrelated credentials or unrelated platform access are requested in the SKILL.md or claw.json.
Instruction Scope
SKILL.md explicitly instructs installing the openclaw-adspirer plugin, authenticating via Adspirer, and then invoking platform-specific tools that read/write ad accounts. This is in-scope for an ad management agent. Note: the agent will perform live actions on user ad accounts (create/modify campaigns) and therefore requires explicit user OAuth consent at runtime — the instructions correctly emphasize login/connect steps.
Install Mechanism
Install is declared as kind: node (openclaw-adspirer). Because this is an instruction-only skill that delegates functionality to an external Node plugin, installing will fetch code from an external source (npm/registry or a remote URL). The claw.json lists repository/homepage domains consistent with Adspirer, but there is no explicit registry URL or pinned release in SKILL.md. This is expected for a plugin but represents a normal supply-chain/network risk (external code will run).
Credentials
The skill declares no required environment variables or secrets and the SKILL.md does not request unrelated credentials. Account access is handled via the plugin's login/connect flow (OAuth-like), which is appropriate for an ad-management tool.
Persistence & Privilege
always:false and user-invocable:true. The skill does not demand permanent/always-on presence and does not claim to modify other skills or system-wide settings. Autonomous invocation (disable-model-invocation:false) is the platform default and not by itself a red flag.
Assessment
This skill is internally coherent for managing ad accounts, but it relies on installing an external Node plugin (openclaw-adspirer) that will communicate with adspirer domains and act on your ad accounts. Before installing: verify the plugin source (homepage/repo), review the OAuth scopes requested during the 'connect' flow, read Adspirer’s privacy policy, and prefer testing on a non-production ad account. If you need maximum assurance, ask for a pinned release or review the plugin package contents (or the repository) before installing.

Like a lobster shell, security has layers — review code before you run it.

advertisingvk978789pdv048qr5v60dgtt70s820waqgoogle-adsvk978789pdv048qr5v60dgtt70s820waqlatestvk977wthj0hprmtn3a29a1ash4d821yvklinkedin-adsvk978789pdv048qr5v60dgtt70s820waqmarketingvk978789pdv048qr5v60dgtt70s820waqmeta-adsvk978789pdv048qr5v60dgtt70s820waqpaid-mediavk978789pdv048qr5v60dgtt70s820waqperformance-marketingvk978789pdv048qr5v60dgtt70s820waqppcvk978789pdv048qr5v60dgtt70s820waqtiktok-adsvk978789pdv048qr5v60dgtt70s820waq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis

Install

Adspirer Ad Management Plugin

Comments