ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ad Filing Compliance Helper

v1.0.0

Checks advertising filing requirements, prepares documents, tracks regulations, and guides compliance and submission status for ads.

0· 43·1 current·1 all-time
by@eric060
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (ad filing / compliance helper) align with the capabilities listed in SKILL.md (check, prepare docs, track status). However, the SKILL.md expects a local Python program (skills/ad-filing-compliance-helper/check.py) to perform these tasks, yet no code files are included. That mismatch suggests the skill is incomplete or incorrectly packaged.
!
Instruction Scope
The only runtime instruction is a usage example to run a local Python script against an ad content file (ad_content.md). There are no broader or hidden instructions, but because the referenced script is missing, the instructions are non-actionable and may mislead an agent into attempting to execute non-existent commands. The usage implicitly requires access to the user's ad file path, but SKILL.md does not document any required inputs, safety checks, or external endpoints.
Install Mechanism
No install spec and no code files — lowest-risk in terms of automatic installation. Nothing will be written to disk by an installer because there is no installer. The risk here is not from installation but from missing/misleading instructions.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportionate for an instruction-only helper. There is no unexplained request for secrets or unrelated credentials.
Persistence & Privilege
always is false and the skill does not request persistent presence or elevated privileges. Autonomous invocation is allowed by platform default, but there is no evidence this skill abuses that. Combined with other findings, there is no immediate persistence/privilege concern.
What to consider before installing
This skill looks incomplete: SKILL.md tells agents to run skills/ad-filing-compliance-helper/check.py but the package contains no code. Before installing or enabling it, ask the publisher for the missing code or a proper source/homepage. Do not provide sensitive credentials or system files to the skill until you can review the actual implementation. If you plan to use it, require that the author: (1) publish the check.py and any dependencies (or provide a trustworthy repo/release), (2) document exactly what files it reads/writes and whether it calls external services, and (3) explain any required environment variables. Because the current package is inconsistent, treat it as incomplete/possibly broken rather than ready-to-run.

Like a lobster shell, security has layers — review code before you run it.

latestvk9788401mhjqfm9wwk94b6tt4184dc74

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments