Reddit Ads

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Reddit Ads helper that uses ClawLink and includes confirmation steps before ad-changing actions.

Install only if you intend to connect Reddit Ads through ClawLink. Review the permissions granted during ClawLink setup, and approve campaign edits, launches, pauses, bulk operations, or any spend-affecting changes only after checking the preview.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: The manifest frames the skill as inspection-oriented, but the body explicitly authorizes write operations such as creating or updating campaign objects. This capability mismatch is dangerous because it can cause users or downstream policy systems to underestimate the skill's ability to modify live ad infrastructure, increasing the chance of unintended spend-affecting changes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal