ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ad Creative Migrated

v1.0.0

Skill migrada desde examples - ad-creative con capacidades completas

0· 83·0 current·0 all-time
byJosé Cuevas@jacr6
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description claim a full-featured ad-creative skill, but the SKILL.md contains only metadata and example snippets rather than concrete runtime instructions. The examples reference other local skill modules (e.g., ~/.opencode/skills/subagente-optimizado, buscador_de_skills, exa-search), which is plausible for integration but not justified or explained in the document — this makes the claimed capabilities unclear and dependent on external local components that are not provided.
!
Instruction Scope
SKILL.md is effectively a placeholder with usage examples that require loading modules from the user's home directory (~/.opencode/skills). While the file itself doesn't instruct the agent to read arbitrary files, the example code implies the skill (or consumers of it) will require local filesystem modules. That introduces the possibility of unexpected local file access or dependency on other local skills/subagents not present here.
Install Mechanism
There is no install spec and no code files beyond SKILL.md, so nothing is written to disk by an installer. This is low-risk from an installation perspective.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no direct requests for sensitive tokens or unrelated credentials.
Persistence & Privilege
always is false and the skill does not request persistent presence or system-wide configuration changes. It does not declare autonomous privileges beyond the platform defaults.
What to consider before installing
This SKILL.md appears to be a migrated example, not a complete, self-contained implementation. Before using or installing: (1) inspect any actual code that will be executed — the SKILL.md references modules under ~/.opencode/skills which would access your home directory; (2) ensure the referenced modules exist and review them for unexpected behavior; (3) do not run unknown code in a production environment — test in a sandbox; (4) request or verify a concrete implementation or an install spec if you expect full ad-creative functionality. If you need a concise ad-creative skill, prefer one with explicit runtime instructions, a clear install source, and no absolute local path requirements.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ekqr33qy9dqktdyhzbaacs583w3ez

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments