Google Ads CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google Ads reporting skill, but it should be used only with accounts and credentials the user intentionally authorizes.

Install only if you trust the external google-ads-open-cli npm package and intend to let the agent query Google Ads data with local credentials. Use least-privilege tokens, avoid printing or pasting secrets, confirm the exact customer account before running reports, and keep GAQL queries limited to the fields and date ranges needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium severity, 88% confidence
Finding
The trigger list includes very broad terms such as "Google Ads," "ad performance," and "ad account," which can cause the skill to activate in situations where the user did not clearly intend to grant access to advertising account data. In this skill’s context, unintended invocation is more sensitive because the tool can enumerate accessible accounts and expose account structure, campaign, billing, and performance data derived from existing credentials.

Missing User Warnings

Medium severity, 85% confidence
Finding
The authentication section explains how credentials are discovered and used, but it does not warn that commands may reveal sensitive ad account data, account hierarchy, billing details, search terms, landing pages, or other commercially sensitive information from whatever credentials are present. In an agent setting, this omission increases the risk of the model querying unintended accounts or over-disclosing data to the user without an explicit consent checkpoint.
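The consent checkpoint this finding asks for, together with the overview's advice to confirm the exact customer account, keep GAQL queries to the fields and date range needed, and never echo secrets, can be enforced in a small guard that runs before any request reaches the CLI. The block below is an added example written for this page; it is not code from google-ads-open-cli or from the skill itself. The field allowlist, the 90-day cap, the confirmed-account list, the sample queries, and the environment variable names are all constructed assumptions for illustration.

```python
"""Pre-flight guard for agent-issued Google Ads report requests (added example)."""
import re
from datetime import date

# Assumption: the only fields the reporting skill needs. Anything else
# (account names, billing, search terms, landing pages) is refused.
ALLOWED_FIELDS = {
    "campaign.id", "campaign.name", "campaign.status",
    "metrics.impressions", "metrics.clicks", "metrics.cost_micros",
    "segments.date",
}
MAX_RANGE_DAYS = 90  # assumption: cap on the reporting window
SENSITIVE_KEY_PARTS = ("TOKEN", "SECRET", "KEY", "PASSWORD")

_SELECT_RE = re.compile(r"^\s*SELECT\s+(.*?)\s+FROM\s+(\w+)\b",
                        re.IGNORECASE | re.DOTALL)
_DATE_RE = re.compile(
    r"segments\.date\s+BETWEEN\s+'(\d{4}-\d{2}-\d{2})'\s+AND\s+'(\d{4}-\d{2}-\d{2})'",
    re.IGNORECASE)


class QueryRejected(ValueError):
    """Raised when a request falls outside what the user authorized."""


def check_customer(customer_id, confirmed_ids):
    """Return the normalized 10-digit customer ID only if the user confirmed it."""
    cid = customer_id.replace("-", "")
    if not (cid.isdigit() and len(cid) == 10):
        raise QueryRejected(f"malformed customer id {customer_id!r}")
    if cid not in {c.replace("-", "") for c in confirmed_ids}:
        raise QueryRejected(f"customer {cid} was not explicitly confirmed")
    return cid


def check_gaql(query, allowed=ALLOWED_FIELDS, max_days=MAX_RANGE_DAYS):
    """Return the selected fields if the query stays within the allowed scope."""
    m = _SELECT_RE.match(query)
    if not m:
        raise QueryRejected("only SELECT ... FROM ... queries are allowed")
    fields = [f.strip() for f in m.group(1).split(",")]
    extra = sorted(set(fields) - allowed)
    if extra:
        raise QueryRejected(f"fields outside the allowlist: {extra}")
    d = _DATE_RE.search(query)
    if not d:
        raise QueryRejected("query must bound segments.date with an explicit BETWEEN")
    try:
        start, end = (date.fromisoformat(s) for s in d.groups())
    except ValueError as exc:
        raise QueryRejected(f"bad date: {exc}") from exc
    if end < start or (end - start).days > max_days:
        raise QueryRejected(f"date range must span 0..{max_days} days")
    return fields


def redact_env(env):
    """Copy of an environment mapping with credential-looking values masked."""
    return {k: ("***" if any(p in k.upper() for p in SENSITIVE_KEY_PARTS) else v)
            for k, v in env.items()}


def scope_report(customer_id, query, confirmed_ids):
    """Single checkpoint to run before handing a report request to the CLI."""
    return {"customer_id": check_customer(customer_id, confirmed_ids),
            "fields": check_gaql(query)}


if __name__ == "__main__":
    # Constructed sample input; the account ID, query and token are not real.
    confirmed = ["123-456-7890"]
    ok = ("SELECT campaign.id, metrics.clicks FROM campaign "
          "WHERE segments.date BETWEEN '2024-01-01' AND '2024-01-31'")
    print(scope_report("1234567890", ok, confirmed))
    too_wide = ("SELECT customer.descriptive_name FROM customer "
                "WHERE segments.date BETWEEN '2024-01-01' AND '2024-01-02'")
    try:
        scope_report("1234567890", too_wide, confirmed)
    except QueryRejected as e:
        print("rejected:", e)
    print(redact_env({"GOOGLE_ADS_REFRESH_TOKEN": "1//0abc", "HOME": "/home/me"}))
```

The guard deliberately refuses GAQL date presets such as `DURING LAST_30_DAYS` and requires an explicit `BETWEEN`, so the window the agent is about to read is visible and bounded at the checkpoint. Pass the output of `redact_env` to whatever logs or shows the agent its environment, never the raw mapping.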

VirusTotal

64/64 vendors flagged this skill as clean.
