Ads Optimizer

Security checks across malware telemetry and agentic risk

Overview

This ad-optimization skill is coherent, but it can change live advertising campaigns and budgets without clearly documented approval gates or spend controls.

Review before installing. Use this only with accounts, wallets, and API access that have strict spend limits, and require human approval before any campaign creation, budget change, targeting change, creative test, or other live ad mutation. Avoid sending sensitive client campaign data unless you trust the provider and understand its data-handling terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill advertises campaign management features that can create or update live ad campaigns, run tests, and potentially influence spend, but it does not clearly warn users or downstream agents that these actions may modify active ads or incur real budget costs. In an autonomous-agent context, this omission increases the chance of unintended live changes, budget overruns, or unauthorized modifications being executed without explicit human confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal