ClawHub

AdKit: Google Ads MCP & Meta Ads MCP, Facebook, Instagram, PPC Campaign Agent

Security checks across malware telemetry and agentic risk

Overview

This ad-management skill is mostly transparent and purpose-aligned, but it grants live advertising and raw platform mutation authority with broad activation cues that users should review carefully before installing.

Install only if you intend to let an agent operate connected Google or Meta ad accounts through AdKit. Before publishing, require a clear review of account, budget, targeting, creative, and draft IDs, and avoid using raw platform API requests unless you understand the exact native operation being sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The documentation explicitly exposes `adkit manage platform-api-requests` for raw platform API access, including unsupported endpoints and multi-resource workflows. That materially expands the agent's effective capabilities beyond the stated ad-management abstraction and weakens safety guardrails, because an agent can invoke lower-level platform operations that may bypass normalized validation, scope restrictions, or safer draft-oriented flows.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list contains broad, common phrases such as 'create campaign', 'create ad', 'run ads', 'keyword research', and 'ad library' that are likely to match ordinary ad-related user requests even when the user did not intend to invoke this specific skill. Because this skill can manage ad operations and potentially publish through external systems, overbroad activation increases the risk of unintended loading and action routing.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description says to load the skill when the user 'wants to execute ad operations or is ready to publish a campaign,' which is subjective and broad enough to capture many normal ad discussions. In a skill capable of managing ad assets and publication workflows, ambiguous activation criteria can cause the agent to select the skill prematurely and steer the session toward sensitive external actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents both `--publish` for immediate live changes and direct draft publication commands without requiring an explicit user confirmation step or warning about real-world consequences. In an ad-management context, this can cause unintended spend, policy violations, or public launch of incorrect campaigns if an agent acts on ambiguous prompts or malformed inputs.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal