Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paid Ads

v1.0.0

When the user wants help with paid advertising campaigns on Google Ads, Meta (Facebook/Instagram), LinkedIn, Twitter/X, or other ad platforms. Also use when...

by Mario Karras @mariokarras
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The SKILL.md repeatedly frames the agent as having "direct access to ad platform accounts" and instructs platform-specific setup and execution actions, but the skill declares no required credentials, primary credential, or config paths. That mismatch (claiming account access while requesting no auth) is inconsistent with the stated purpose.
! Instruction Scope
Runtime instructions tell the agent to read local context files (.agents/product-marketing-context.md or .claude/product-marketing-context.md) and to run external tooling (example: exa.js search). The skill's declared requirements list no config paths or required binaries, so the instructions reference files and commands not declared in the manifest. Reading local context files may be legitimate for marketing tasks, but should be explicitly declared.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes install-time risk (nothing is written to disk by the skill itself).
! Credentials
The skill expects interaction with third-party ad platforms (implying API keys or account access) but requires no environment variables or explicit credentials. It also instructs reading workspace files; these accesses are not declared in requires.env or config paths. The absence of declared secrets/credentials is disproportionate to the implied capabilities.
Persistence & Privilege
always:false and no install steps mean the skill does not request persistent system presence or elevated privileges. Autonomous invocation is allowed (platform default) but not combined with other high-risk privileges here.
What to consider before installing
This skill reads local marketing context files and assumes the agent can access ad accounts, but it doesn't declare any credentials or required tools. Before installing or enabling it:
1) Ask the skill author how the agent is expected to access ad platforms (what connectors or API keys, and where/how those credentials are stored).
2) Confirm whether the agent environment provides the exa.js tool shown in the docs or any other CLI the skill expects; if not, the instructions may fail or the agent may attempt alternative network calls.
3) Verify what local files the skill will read (.agents/... or .claude/...) and ensure they don't contain sensitive credentials.
4) If you must supply platform credentials, provide least-privilege, scoped API keys and prefer temporary tokens or connector-based OAuth rather than embedding long-lived secrets.
5) If anything about automatic account access or external tooling is unclear, treat the skill as untrusted until the author documents required credentials, binaries, and exact data flows.


latestvk9761bv4pdf7ky47ag5x34h26n836043
