Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TikTok Ads Strategy: Creative-First Campaigns and Optimization

v1.0.0

Run TikTok advertising campaigns: creative strategy, campaign structure, audience targeting, bidding, and optimization. Covers In-Feed Ads, Spark Ads, and To...

by Nico @jeannen
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description (TikTok ad strategy, formats, creative guidance, targeting, bidding, optimization) match the SKILL.md content. Nothing in the skill requests unrelated cloud credentials, system-level access, or capabilities beyond ad strategy and execution guidance.
Instruction Scope
The instructions are mostly advisory and stepwise for TikTok Ads Manager. They do include a runtime check: 'run adkit status' and a conditional to use AdKit CLI if present. This is within the scope of 'execution' guidance, but it instructs the agent to run a local command if available, which could cause the agent to interact with a local binary and any credentials that binary already holds.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — the lowest-risk install profile. The only external reference is a homepage (https://adkit.so) mentioned as an optional tool; the skill does not attempt to download or execute code from that site.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a strategy guide. Caveat: if the agent follows the SKILL.md and invokes an installed AdKit CLI, that CLI may use local credentials or tokens already stored on the machine; the skill itself does not request or enumerate those secrets.
Persistence & Privilege
always is false and there are no installation hooks or requests for persistent presence. The skill is user-invocable and can be invoked autonomously (default behavior), which is normal for skills and not by itself concerning.
Assessment
This skill is essentially a human-readable TikTok ads playbook and appears coherent. Before enabling or allowing autonomous use, consider: (1) The SKILL.md suggests running 'adkit status' — if you have an adkit binary installed, the agent could run it and that binary might access stored tokens; only allow that if you trust the local CLI. (2) The skill does not ask for credentials, but any local tooling it invokes could. (3) Because it’s instruction-only, no code will be installed by the skill itself — verify any external tooling (AdKit) you choose to use separately. If you prefer tighter control, disable autonomous execution or confirm with the agent before it runs any local commands or accesses any third-party CLIs.

Like a lobster shell, security has layers — review code before you run it.
