Back to skill

Security audit

OpenClaw Marketing Skills

Security checks across malware telemetry and agentic risk

Overview

This is a mostly documentation-based marketing skill pack, but it needs review because it encourages ad-account, tracking, outreach, customer-list, and voice-cloning workflows without consistent approval, consent, or privacy guardrails.

Install only if you want an agent to help with broad marketing work and you are prepared to supervise sensitive tasks. Treat paid ads, analytics, email automation, customer-list uploads, retargeting, and voice cloning as human-approval workflows: verify consent, platform rules, privacy requirements, spend limits, and account permissions before acting. Avoid putting secrets, regulated customer data, or unreleased confidential plans into the reusable product-marketing context unless that is acceptable for your workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (34)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The statement that the agent has 'direct access to ad platform accounts' materially changes the implied trust and capability boundary of the skill. In a paid ads context, that implies the agent may be able to create, edit, or scale live campaigns and spend money, yet the document provides no guardrails, approval requirements, or operational constraints. This is dangerous because users or downstream systems may over-trust the skill and allow actions affecting budgets, targeting, or compliance-sensitive campaigns.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The README provides very broad natural-language trigger examples such as '优化这个落地页的转化率' and '帮我投Google广告', which are ordinary user requests rather than narrowly scoped invocation patterns. In an agent skill ecosystem, this can cause unintended skill activation on routine conversation, leading the agent to perform marketing workflows or consume context automatically when the user did not explicitly intend to invoke this repository's skills.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill advertises activation through very broad natural-language examples like general marketing requests, which can cause the agent to invoke this bundle in situations where the user did not explicitly request installation or use of this specific skill pack. In a multi-skill environment, this increases the chance of over-triggering, unintended tool/skill selection, and accidental application of generic marketing guidance to unrelated or sensitive contexts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file explicitly recommends brand voice cloning and personalized video generation but provides no warning about obtaining consent, respecting publicity/privacy rights, or avoiding sensitive personal data. In a marketing skill, these omissions materially increase the likelihood that users will deploy impersonating or privacy-invasive campaigns, creating legal, reputational, and abuse risk.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The API examples send prompts and creative content to third-party providers without stating that data leaves the local environment and may be stored or processed under vendor policies. This can lead users to paste confidential campaign plans, unreleased product details, or customer data into external services without informed consent or review.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The dedicated voice cloning section promotes cloning from short audio samples and brand spokesperson reuse but omits any requirement for consent, authorization, or anti-impersonation safeguards. Because this is operational guidance, not neutral theory, the missing guardrails make misuse for deceptive ads, fraud, or unauthorized likeness exploitation more likely.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description contains very broad trigger language such as 'use this whenever someone wants their content to be cited or surfaced by AI assistants and AI search engines.' In an agentic system, this can cause the skill to activate for loosely related or generic AI-assistant questions, leading to incorrect tool/skill selection, scope creep, and unintended guidance being applied outside its intended SEO context.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill gives concrete analytics implementation guidance and code examples that encourage event collection, but it does not prominently warn users before implementation about data transmission, consent, and the risk of collecting personal or sensitive data. Although privacy considerations appear later, the lack of an upfront warning increases the chance that an agent or user will implement tracking in a non-compliant way, especially in regulated jurisdictions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The reference explicitly recommends collecting persistent identifiers such as user_id and account_id, and also includes potentially sensitive fields like error_message, without any guidance on minimization, consent, retention, or avoiding PII in analytics payloads. In a marketing analytics skill, this can lead downstream users to implement tracking that violates privacy expectations or regulatory requirements and increases the risk of sensitive data exposure through logs, vendors, or analytics platforms.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The reference includes examples for setting persistent user identifiers and exporting audiences to advertising platforms without any guidance on consent, lawful basis, or restrictions on sharing user data. In a marketing analytics skill, this omission can lead implementers to deploy privacy-impacting tracking by default, creating regulatory, contractual, and user-trust risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document recommends enabling enhanced measurement, Google Signals, site search tracking, and ad integrations as straightforward setup steps, but does not warn that these features collect additional user data and may require prior consent or disclosure. Because this is an implementation guide, readers may treat these as safe defaults and deploy broad data collection without proper privacy controls.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description uses a very broad set of trigger phrases such as 'retention,' 'how do I keep users,' and 'customers are leaving,' which can cause the agent to invoke this skill in loosely related contexts. Over-broad activation is a real security and safety issue because it expands the skill’s influence beyond a narrowly intended scope, increasing the chance of inappropriate guidance, unintended data access, or workflow interference when another skill would be more appropriate.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The skill description includes many broad, everyday trigger phrases such as 'how do I write a cold email' and 'nobody's replying to my emails,' which can cause the skill to be invoked in loosely related contexts without strong user intent. Over-broad activation increases the chance that an agent applies persuasive outreach guidance where it is not appropriate, and in security-sensitive agent systems this can enable prompt-routing abuse or unintended autonomous behavior.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guidance explicitly recommends making cold outreach appear as though it came from a colleague rather than a vendor, which is deceptive impersonation-style social engineering. In a cold-email skill, this is more dangerous because it operationalizes misleading tactics at scale and normalizes evasion of recipient judgment rather than transparent marketing.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger description is broad enough to match generic competitor-related phrases such as 'how do we compare to X' or 'competitor teardown,' which could cause the skill to activate outside the user's actual intent. This is not inherently malicious, but it can misroute tasks, override more appropriate skills, and lead to irrelevant or biased outputs in multi-skill agent environments.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description includes many broad, everyday trigger phrases such as 'make this better,' 'polish this,' and 'clean up this text,' which can cause the skill to be invoked in situations outside its intended scope. Over-broad activation increases the chance of incorrect tool routing, unintended prompt-context exposure, and disruptive behavior in multi-skill agent environments.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description uses many broad trigger phrases such as general requests to write, rewrite, improve, or get help with headlines and descriptions. In an agentic system, this can cause the skill to activate for routine writing tasks beyond narrow marketing-copy use, leading to prompt/skill routing hijack, unintended data exposure to the skill context, or lower-quality task selection. The content is not overtly malicious, but the trigger scope is overly expansive for safe dispatch.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill gives detailed guidance for automated, trigger-based, re-engagement, billing, and win-back email programs without any embedded checks for consent, lawful basis, unsubscribe handling, or sensitive-data minimization. In practice, that can lead agents to help design campaigns that violate anti-spam/privacy rules or send behavior-driven messaging in ways that create legal, compliance, and trust risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill recommends email collection and lead capture patterns without any guidance on consent, privacy notice, lawful basis, retention, or secure handling of personal data. In context, this could cause downstream agents or users to implement lead-gen flows that collect personal information in a non-compliant or unsafe way, creating privacy, legal, and reputational risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill gives operational guidance on collecting emails, names, company, and role data and optimizing forms for conversion, but it omits any privacy, consent, retention, or jurisdiction-specific compliance safeguards. In practice, this can encourage agents or users to design lead capture flows that collect personal data without adequate notice, lawful basis, or data minimization controls, creating regulatory and trust risks.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description contains many broad trigger phrases such as 'marketing ideas,' 'how to market,' 'what else can I try,' and 'I don't know how to market this,' which are likely to match ordinary user conversation beyond the narrow intended scope. In an agentic system, this can cause the skill to activate too often, crowd out more appropriate skills, and steer responses based on this skill's embedded guidance rather than the user's actual needs.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill description contains very broad trigger phrases such as 'psychology,' 'decision-making,' and 'why people buy,' which can cause the agent to invoke this skill in many routine marketing conversations where it may not be the best fit. Over-broad activation increases the chance of incorrect skill selection, unnecessary context loading, and application of persuasive tactics in situations where narrower or safer domain-specific guidance would be more appropriate.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The file explicitly recommends 'Personalized messaging' based on 'visitor data/source' without any guardrails about lawful basis, consent, transparency, data minimization, or sensitive-category exclusions. In a marketing skill context, this can normalize privacy-invasive targeting and lead downstream agents or users to implement tracking and profiling that violates privacy expectations or regulatory requirements.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
If users believe the skill can act on live ad accounts, failing to warn that it could modify campaigns or spend budget creates a meaningful safety gap. Paid advertising is a financially sensitive domain: unauthorized or mistaken changes can immediately waste spend, alter targeting, pause revenue-driving campaigns, or create policy/compliance exposure. The marketing context makes this more dangerous because actions are directly tied to real money and production traffic.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The reference instructs users to upload customer emails and phone numbers for ad targeting without any mention of consent, lawful basis, hashing/secure handling, or platform privacy requirements. In a marketing skill, this omission can normalize processing personal data in ways that violate privacy laws, internal policy, or user expectations, especially when operators treat the guidance as implementation-ready.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.