Adcp Advertising 1.0.1

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate advertising-automation guide, but it gives agents authority to launch and change paid campaigns without consistently requiring clear user approval or privacy review.

Review this skill before installing. Use the public test agent only for sandbox testing; require explicit human approval for create_media_buy, update_media_buy, sync_creatives, budget changes, launches, and optimizations; set spend caps; and keep production credentials in a secret manager. Obtain privacy/legal review for tracking pixels, retargeting, lookalike audiences, life-event targeting, and any campaign using customer or behavioral data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Intent-Code Divergence

Medium, 98% confidence
Finding
The documentation exposes what appears to be a real authentication token and labels it as a reusable example for the test agent. Even in documentation, publishing a live credential can enable unauthorized access, abuse of the test environment, quota exhaustion, and can normalize insecure handling of secrets by downstream users.

Context-Inappropriate Capability

Medium, 99% confidence
Finding
The quick reference includes what appears to be a live bearer token for a test agent endpoint. Publishing usable credentials in documentation is a real secret-exposure issue because anyone reading the file can authenticate to the service, consume resources, inspect data available to that token, or use it as a foothold for broader abuse if permissions are larger than intended.

Missing User Warnings

Medium, 87% confidence
Finding
The guide includes example tracking pixels and analytics endpoints that cause data to be transmitted to third-party URLs, but it does not warn about privacy, consent, data-sharing, or regulatory requirements. In an advertising automation skill, users may copy these examples directly into production workflows, creating silent collection or disclosure of user interaction data without adequate review.

Missing User Warnings

Medium, 82% confidence
Finding
The optimization example automatically updates live creative assignments based on performance with no warning, approval step, rollback guidance, or mention of business and compliance review. In ad operations, automated changes to production campaigns can unintentionally serve unapproved creatives, disrupt pacing, or violate campaign controls if the logic is reused as-is.

Missing User Warnings

Medium, 90% confidence
Finding
The example explicitly says approval is required, but then hard-codes `const shouldOptimize = true` and proceeds to modify campaign budgets automatically. In an advertising automation skill, this can cause unauthorized spend changes or policy violations if users copy the example into production without adding a real approval gate.

Missing User Warnings

High, 99% confidence
Finding
A live authentication token is included directly in example code without any warning about credential sensitivity or whether the token is restricted, temporary, or revoked. In a skill for advertising automation that can initiate media-buying workflows, exposed credentials are especially risky because users may copy and use them directly, potentially leading to unauthorized API use or abuse of connected ad infrastructure.

Missing User Warnings

Medium, 89% confidence
Finding
The reference presents campaign creation and update calls as quick-start examples without prominently warning that they can trigger real ad spend and modify live account state. In an AI-agent skill context, concise runnable snippets increase the chance of accidental execution, causing unauthorized purchases, budget changes, or campaign launches if connected credentials are present.

Missing User Warnings

Medium, 78% confidence
Finding
The workflow and examples normalize creative syncing and audience targeting without any privacy, consent, or data-handling cautions. In an advertising automation skill, this is riskier than generic API docs because users may upload copyrighted or sensitive assets and configure demographic/behavioral targeting that can violate platform policy, privacy law, or internal governance if done blindly.

Missing User Warnings

Medium, 88% confidence
Finding
The README encourages creation and optimization of advertising campaigns, budget shifts, and live launches, but does not clearly warn that these actions can spend real money or require explicit user confirmation before execution. In an agentic context, ambiguous natural-language commands could cause unintended campaign launches or budget reallocations, leading to financial loss and operational mistakes.

Vague Triggers

Medium, 92% confidence
Finding
The skill advertises very broad natural-language triggers such as creating campaigns, launching ads, buying media, and pausing campaigns using ordinary phrasing. In an agent ecosystem, this increases the chance of accidental invocation from routine conversation and can lead to unintended advertising operations, including spend allocation or campaign changes, without the user appreciating that a live ad-buying skill has been engaged.

Missing User Warnings

High, 97% confidence
Finding
The description emphasizes ease and natural-language automation but does not clearly warn that commands may create, modify, or optimize real ad campaigns with financial consequences. In this context, omission of spend and live-environment warnings is dangerous because users may treat the skill like a simulation or advisory tool when it can drive actual budgeted media-buy operations.

Missing User Warnings

High, 98% confidence
Finding
The Quick Start markets campaign launch as 'No setup required' and 'Campaign goes live instantly' while walking directly from discovery to live creation, but it does not foreground whether the flow is test-only or warn about the possibility of real spend. This is especially risky in an advertising skill because a user following examples verbatim could unintentionally launch or prepare revenue-impacting campaigns, upload creatives, and commit budget in a production-like environment.

Missing User Warnings

Medium, 95% confidence
Finding
The document explicitly promotes behavioral targeting based on interests, purchase intent, life events, website visitor retargeting, and lookalike audiences, but provides no privacy, consent, transparency, or legal-compliance guidance. In an advertising automation skill, this omission is operationally dangerous because it normalizes use of potentially sensitive audience data and tracking mechanisms in a way that could lead users to deploy privacy-invasive campaigns or violate platform policies and data protection laws.

VirusTotal

65/65 vendors flagged this skill as clean.
