Ad Context Protocol (AdCP) Advertising
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: adcp-advertising Version: 1.0.1 The skill bundle provides extensive documentation and examples for integrating with the Ad Context Protocol (AdCP) to manage advertising campaigns. All content, including code snippets and instructions in SKILL.md and other markdown files, is clearly aligned with the stated purpose of advertising automation. The public test agent URL and authentication token (e.g., `https://test-agent.adcontextprotocol.org/mcp` and `1v8tAhASaUYYp4odoQ1PnMpdqNaMiTrCRqYo9OJp6IQ`) are explicitly documented as 'intentionally public' for testing purposes in SKILL.md and README.md, and advice is given to store production credentials securely. There is no evidence of intentional harmful behavior, data exfiltration, persistence, or prompt injection attempts against the OpenClaw agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to a production ad account, an agent could create or alter campaigns that spend money and publish ads before the user has reviewed all details.
The skill explicitly contemplates production ad delivery and real spending. The provided instructions do not pair this with mandatory confirmation, spend caps, approval gates, or rollback controls before campaign creation or budget changes.
Ready for real ad delivery? ... Launch campaigns with real budgets
Require explicit user confirmation for every production create, update, pause, resume, budget, and creative action; enforce account-level spend limits; and keep test and production endpoints visibly separated.
A production token could let the agent act on an advertising account, including creating campaigns or changing budgets.
Bearer tokens are expected for this integration, but they authorize campaign-management operations and production credential handling is not reflected in the registry credential declarations.
AdCP uses **Bearer token authentication**: `Authorization: Bearer <your-token>`
Use least-privilege production tokens, store them in a secret manager or environment configuration, and never paste production tokens into prompts, examples, or skill files.
Sensitive marketing plans or targeting details could be shared with an untrusted or mistaken advertising endpoint.
The workflow relies on external AdCP/MCP agent endpoints. Campaign briefs, brand manifests, targeting, and creative information may be sent to whichever endpoint is configured.
Find sales agents: `get_adcp_capabilities` on production endpoints ... Update agent URL to production
Use only verified production endpoints, confirm which provider will receive each request, and minimize campaign or audience data sent to agents you do not trust.
Users may not know who maintains the instructions that guide production campaign actions.
No executable code is included, so the install-time risk is limited, but the provenance of a skill that guides high-impact ad spending is not fully established by the supplied metadata.
Source: unknown
Verify the skill repository, compare instructions with the official AdCP documentation, and prefer reviewed sources before using it with production ad accounts.