Ad Creative

Security checks across malware telemetry and agentic risk

Overview

This ad-creative skill is mostly a disclosed marketing helper, but it also steers agents toward ad-platform campaign actions and voice cloning without enough approval and rights safeguards.

Install only if you will keep the skill under human control. Do not allow it to automatically create campaigns, upload ads, spend ad budget, use API keys, or clone a voice. Require documented permission for any cloned or spokesperson voice, verify commercial rights for media assets, and route campaign strategy or budget changes to a more tightly scoped workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The skill’s declared purpose is ad-creative generation, but this section extends into pulling performance data, managing campaigns, and upload workflows via external tools. That scope expansion increases the chance an agent with broader tool access performs account-affecting actions beyond the user’s likely intent, especially if the skill is auto-invoked or interpreted as authorization to operate ad platforms.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding:
Although framed as an ad-copy skill, it directs the agent to use external image, video, audio, and code-based rendering tools. This broadens capability from text generation to media production and potentially executable/template-based workflows, increasing the attack surface and creating opportunities for unintended tool invocation, cost-incurring actions, or policy-violating content generation.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The activation language is very broad, covering many generic phrases related to ads, optimization, iteration, and writing copy. Overbroad triggers can cause the wrong skill to activate in adjacent contexts, which matters here because the skill also references external files and downstream tools, potentially steering the agent into actions or assumptions the user did not request.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The document recommends voice cloning for ad production without any explicit requirement for consent, authorization, or anti-impersonation safeguards. In a marketing workflow, this can normalize creating synthetic voices of real people or spokespeople without permission, enabling deceptive ads, impersonation, and reputational harm.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
This section actively recommends brand voice cloning tools and use cases but omits any disclosure about consent, rights of publicity, platform policy, or commercial-use restrictions. Because the skill is for scalable ad creation, the omission increases the likelihood of misuse in paid media, including fake spokesperson endorsements or unauthorized multilingual impersonation at scale.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The local/open-source voice cloning section lowers friction for private, low-cost cloning while providing no warning about consent or impersonation risks. Local execution makes abuse harder to detect and easier to scale internally, which is especially concerning in an ad-creative skill where outputs may be published as persuasive media.

VirusTotal

VirusTotal findings are pending for this skill version.