Juliang Qianchuan Auto Ads V1
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: juliang-qianchuan-auto-ads-v1
Version: 1.2.6
The bundle provides a complex workflow for automating ad placements on the 'Ocean Engine' (巨量千川) platform using browser control (CDP) and Feishu bot integration. It is classified as suspicious because the SKILL.md instructions explicitly direct the AI agent to hide technical implementation details (such as script names, workspace paths, and data interfaces) from the user, which reduces operational transparency. Additionally, the preflight script (qianchuan_preflight.sh) enforces the use of a non-existent model version ('gpt-5.5'), and the installation scripts (install-qianchuan-client.js) use risky execution patterns such as 'shell: true' on Windows, which could be leveraged for command injection if inputs are manipulated.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configuration or state is wrong, the agent could spend more ad budget or remove live ad plans without a fresh per-action confirmation.
The skill can automatically change bids and delete ad plans during monitoring, which are high-impact paid advertising account mutations.
`direct_delete`: delete directly when the ad group name, ad group ID, plan ID and plan name all match; ... if spend does not increase for 15 consecutive minutes: raise the bid by 5%, up to a maximum of 1.00
Default to require_confirmation for deletion and bid changes, require explicit confirmation before every paid-account mutation, and set hard daily spend/bid limits.
A real embedded secret could expose or reuse a Feishu application credential across customers, weakening account isolation.
The static scan reports a client_secret literal in the Feishu setup script, while the documentation says App Secrets should only be obtained during customer authorization and stored locally.
client_secret: "[REDACTED]"
Verify the file contains no real secrets, replace any literals with placeholders or runtime-generated values, and declare Feishu/Qianchuan credential requirements in metadata.
Users may be asked to run installer code that is not present in, or reviewable from, the supplied package, while that installer path is supposed to change OpenClaw configuration and services.
The Windows instructions ask users to run a PowerShell bypass installer, but the reviewed manifest does not include INSTALLER-MAIN.ps1 or the referenced RUN-ME-FIRST entrypoints.
powershell -NoProfile -ExecutionPolicy Bypass -NoExit -File .\INSTALLER-MAIN.ps1
Publish a complete manifest with all installer entrypoints, avoid ExecutionPolicy Bypass where possible, and ensure ClawHub install metadata matches the actual setup path.
Installing the skill can modify local OpenClaw state rather than only adding prompt text.
The installer runs local OpenClaw CLI commands, which is expected for this deployment workflow but gives the package local execution authority.
const result = spawnSync("openclaw", args, {
Run the installer only from a trusted package, review the printed actions, and prefer dry-run or manual setup before granting it access to production accounts.
If these state files are corrupted or edited incorrectly, the agent may target the wrong plan, block valid work, or make unsafe monitoring decisions.
Persistent local memory/state files drive future deduplication, monitoring, and mutation decisions.
The local ledger is `memory/qianchuan-plan-registry.json`; the duplicate check must cover both the plan name and the `行为类目词 + 兴趣类目词` (behavior category keywords + interest category keywords) combination
Protect the workspace files, back them up, and validate state before allowing publish, bid, delete, or stop-monitoring actions.
If Feishu permissions or chat routing are too broad, an unintended user or group could trigger ad workflow commands.
The workflow connects OpenClaw to Feishu bot messages and active notifications, so message origin and chat allowlisting matter.
Record the current session target: `user:ou_xxx` or `chat:oc_xxx` ... send one test proactive notification
Use a dedicated Feishu bot, keep direct-message allowlisting enabled, disable group use unless necessary, and verify owner_open_id/chat_id before production use.
Background monitoring may continue to act on ad accounts until stopped or until its state says the live session has ended.
The skill sets up long-running gateway/monitoring behavior that continues after the initial command and can affect live ad operations.
Install and start the Gateway ... monitor spend and clicks every 15 minutes ... stop monitoring after the live stream ends
Make the running monitor visible to the user, provide a simple stop command, and require confirmation before any background task mutates ads.
