ClawHub

Amazon Ads

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims for Amazon Ads, but it can immediately change live advertising settings using sensitive credentials, so it should be reviewed before installation.

Install only if you trust the publisher with your Amazon Ads account. Use a least-privilege Amazon Ads app/profile where possible, keep the .env file private, review every proposed bid/state/negative-keyword change before execution, and revoke the refresh token if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill requires access to environment-stored API credentials and makes live network calls to the Amazon Advertising API, but it does not declare permissions accordingly. This creates a transparency and consent gap: an agent or user may invoke a capability that can read sensitive secrets and perform external actions without an explicit permission model.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list contains broad phrases such as ads optimization, campaign analysis, adjust bid, and common Chinese advertising terms that could match ordinary conversation and invoke the skill unintentionally. Because this skill can read live ad data and potentially modify bids, pause keywords, or add negatives, accidental invocation can expose account data or lead to unwanted operational changes.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
The skill instructs the agent to present output in Chinese without checking user preference, which can reduce user comprehension and informed consent. In a skill capable of recommending or executing advertising changes, language mismatch increases the risk that users approve actions they do not fully understand.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The script auto-loads credentials from a local .env file and performs an outbound token exchange as soon as API methods are invoked, without any user-facing notice that sensitive advertising credentials will be used over the network. In an agent-skill context, this reduces informed consent and can surprise operators into exposing account access they did not realize the skill would immediately consume.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill exposes state-changing operations such as bid updates, keyword state changes, and adding negative keywords, and executes them immediately with no confirmation, preview, or dry-run safeguard. In the advertising context this can directly alter campaign delivery and spend efficiency, causing business-impacting changes from an accidental or overbroad agent action.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal