ClawHub

Ads Creator Selector

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only advertising planning skill with scope and naming inconsistencies, but no code execution, credential access, persistence, or hidden account-changing behavior.

Install this only if you want advisory ad planning help, not a dedicated creator database or automated campaign executor. Do not provide ad account credentials or private tokens, and verify any budget or campaign recommendations against your own platform data and policies before spending money.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill’s declared purpose is creator/KOL selection, but most of the body defines a broader ad-strategy and budget-allocation agent. This mismatch can cause incorrect routing and overbroad execution, leading the agent to answer outside its intended scope and potentially influence spend decisions without the narrower creator-selection constraints users would expect.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger conditions are broad enough to capture general advertising, growth, budget, and platform-optimization requests that are not specific to creator/KOL selection. In an agentic environment, this can cause the wrong skill to activate and produce irrelevant or over-privileged recommendations, increasing the chance of unsafe automation, user confusion, or harmful business actions such as misallocated budgets.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal