Skill v1.7.0

ClawScan security

paid-ads-strategy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 8, 2026, 9:19 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's advice and scope align with a paid-ads strategy assistant, but its runtime instructions tell the agent to read local project-context files whose paths are not declared in the skill metadata. This is unexplained scope creep and worth verifying before install.
Guidance
This skill appears to be legitimate advice material for paid ad strategy, but it asks the agent to read local project-context files (.agents/project-context.md or .claude/project-context.md) even though no config paths are declared. Before installing or invoking:
1) Confirm you are comfortable with the agent reading those project files; open them yourself to see what they contain.
2) If you do not want the agent to read local files, block or remove those files or avoid using this skill.
3) Be aware that to actually execute ads the skill points to other execution skills (google-ads, meta-ads, etc.); those will require API credentials. Review those skills' requirements and permissions before providing keys.
4) If you want stricter control, ask for an explicit prompt that requests your permission before the skill reads any local files or invokes other skills that require credentials.

Review Dimensions

Purpose & Capability
ok
Name and description (paid ads strategy, channel selection, budget allocation) match the SKILL.md content. The skill is instruction-only and does not request binaries, env vars, or installs; that is proportionate for a guidance-only strategy skill.
Instruction Scope
concern
The SKILL.md instructs the agent to check for and read local files if present ('.agents/project-context.md' or '.claude/project-context.md') before asking questions. These file reads are not declared in the skill's metadata (the required config paths field is empty). Reading arbitrary project-context files can expose sensitive project data; the instruction is specific (good) but undeclared, which is an incoherence and a potential privacy risk.
Install Mechanism
ok
No install spec and no code files; instruction-only. This is the lowest install risk because nothing new is written to disk by the skill itself.
Credentials
note
The skill declares no required environment variables or credentials (good). However, it references execution via other platform-specific skills (google-ads, meta-ads, etc.), and those other skills may require credentials. The current skill does not request those secrets itself, but installing or using the referenced execution skills will likely need API keys or credentials.
Persistence & Privilege
ok
Flags show always:false and user-invocable:true; normal autonomous invocation is allowed by platform defaults. The skill does not request permanent presence or system-wide changes in its instructions.