Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ads-case-analyzer
v1.0.4内容消费行业广告投放 Case 排查助手。输入 campaign_id/advertiser_id/brand_account_id、数据分析周期和排查方向,自动拉取投后数据、出价数据,完成漏斗分析、出价链路拆解、根因推断,产出结构化 Redoc 分析文档。当用户说「帮我排查这个客户的投放」「分析一下这个计划为什...
⭐ 0· 58·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description and SQL templates clearly target internal Hive/CK ad tables (hive_prod, reddw, reddw.feed_trace_*, etc.). That purpose legitimately requires database/query access and possibly internal service endpoints, but the skill declares no environment variables, config paths, or credentials needed to connect to those systems. Relying implicitly on the agent runtime to already have access is a mismatch that should have been declared.
Instruction Scope
SKILL.md instructs the agent to run many SQL queries against internal tables, aggregate results, then place those results into an LLM prompt (root_cause_prompt.md) for inference. This means potentially sensitive internal metrics and identifiers (advertiser_id, campaign_id, fee, advv, conversion counts, etc.) will be collected and fed to the model. There is no guidance about redaction, minimization, or which model/endpoint will receive the data.
Install Mechanism
Instruction-only skill with no install spec and no code to write to disk. Required binaries (curl, jq, python3) are plausible helpers for calling APIs and processing JSON; nothing is downloaded or executed by an installer here.
Credentials
The skill requires access to internal data sources but declares no credentials, API keys, or config paths. That absence is disproportionate: a data‑pulling skill should declare what auth or connector it needs (DB credentials, Hadoop/Hive gateway, Kerberos tickets, or internal API endpoints). Also the instructions will result in sensitive internal data being embedded into LLM prompts — this is a credential/data‑exposure risk if the model endpoint is external or not authorized.
Persistence & Privilege
No always:true, no installs, and no modifications to other skills or global agent config. The skill does allow normal autonomous model invocation (default), which is expected for analysis skills; by itself this is not flagged.
What to consider before installing
This skill appears designed to run inside a company environment that already has Hive/CK access and internal dashboards. Before installing, confirm: (1) where and how the agent will execute the SQL (what connector/credentials it will use) and provide least‑privilege credentials or scoped read‑only roles; (2) which LLM endpoint will be invoked — if it's an external/public model, do NOT send raw advertiser/campaign data or PII; redact or aggregate sensitive fields or ensure the model is hosted inside your trust boundary; (3) that curl/jq/python3 are available on the runtime and any network calls go to approved internal endpoints; and (4) run the skill in a staging environment first to verify it can't access more data than intended. If you cannot guarantee internal-only model execution and secure DB credentials, treat this skill as high risk for data exposure.Like a lobster shell, security has layers — review code before you run it.
latestvk978q1mwsnxvvs8zbc3318d3z1843z05
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis
Binscurl, jq, python3