ClawHub

paid-ads-strategy

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only paid advertising strategy skill with no code, install hooks, credential access, or direct ability to spend money.

Safe to install as a planning skill. Review local project-context files for sensitive business details before use, and require explicit approval before invoking downstream ad-platform skills that could create campaigns, change public ads, or spend budget.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill trigger is extremely broad and includes many generic marketing and advertising terms, so it may be invoked for routine discussions that do not actually require this specialized skill. Over-broad routing can cause unintended context capture, inappropriate delegation, or disclosure of project context files to the wrong workflow, which is a real security and privacy concern in agent systems even without malicious intent.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal