Amazon Ads Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Amazon Ads manager, but it deserves Review because it can make live ad-spend changes through broad API payloads without script-level confirmation.

Install only if you are comfortable giving this skill live Amazon Ads authority through LinkFox. Require explicit confirmation before any create/update action, review the target account, region, entity count, budget or bid changes, and avoid using broad automatic instructions for spend-affecting changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 84% confidence
Finding: The large-response block lists only a subset of entry scripts, contradicting earlier claims about operational coverage. This inconsistency can mislead an agent into using incomplete or wrong entry points, increasing the chance of failed operations or unsafe fallback behavior in a write-capable advertising skill.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This script performs a real write operation to Amazon Ads via mutate_entity for ad creation, but it does not present a clear user-facing confirmation or safety warning before executing the network mutation. In an agent skill context, silent external writes are risky because a prompt, tool-chain mistake, or ambiguous user request could trigger unintended ad creation or spend changes against a live advertising account.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal