ClawHub

Microsoft Ads CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Microsoft Ads reporting skill that requires expected ad-account credentials and shows no evidence of hidden, destructive, or unrelated behavior.

Before installing, verify the `microsoft-ads-cli` npm package and consider pinning a trusted version. Use least-privileged Microsoft Ads credentials, do not paste tokens into chat or logs, avoid exposing secrets in shell history, and protect any local credentials file with restrictive permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill claims the CLI is read-only, but the text also says it can 'manage' UET conversion goals, which implies possible write operations against advertising account configuration. This mismatch can mislead an operator into granting broader trust and running commands under the false assumption that no state-changing actions are possible.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
This is a real security-relevant contradiction rather than a mere wording issue because safety expectations hinge on whether a tool can modify ad accounts. A user or agent relying on the 'read-only' claim may invoke the skill in contexts where mutating access would otherwise be disallowed.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The skill asks for highly sensitive advertising credentials and account identifiers, but it does not include explicit guidance not to paste secrets into chat, how credentials are stored, or how to minimize exposure. In a conversational agent setting, this increases the risk of users disclosing OAuth tokens or developer tokens through unsafe channels.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal