Ad Creative

Security checks across malware telemetry and agentic risk

Overview

This ad-creative skill is mostly coherent, but it recommends voice cloning, campaign-management actions, and local/tool execution workflows without enough safeguards or scoping.

Install only if you are comfortable with a broad ad-production helper. Use it for drafting and analysis, but require explicit human approval before uploading or changing campaigns, review any local marketing-context files first, use only approved API keys/providers, and do not generate cloned voices unless you have documented commercial rights and consent from the voice owner.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill’s stated purpose is ad creative generation, but the Tool Integrations section introduces campaign-management and data-pulling capabilities such as listing or creating campaigns. That scope expansion can cause an agent to take operational actions beyond copywriting, increasing the chance of unintended ad account changes or over-privileged tool use if the skill is auto-invoked.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The file materially expands an ad-copy skill into image generation, video generation, voice cloning, and code-based rendering, creating capability drift beyond the declared scope. In an agent setting, this broadens what the skill may encourage or operationalize, increasing the chance of unsafe media generation, deceptive content production, or unintended execution/integration paths that were not reviewed for this skill.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
Recommending brand voice cloning in a text ad-copy skill introduces impersonation and synthetic identity capabilities that are unrelated to the stated purpose. This mismatch is dangerous because it normalizes voice cloning for ads without ensuring consent, authorization, or legal/compliance controls appropriate for biometric-like media generation.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The Voicebox section includes localhost API usage, source checkout, and build/development commands, which extend the skill into local software setup and execution. In an agent context, such instructions can prompt users or downstream systems to run unreviewed local services and code unrelated to ad-copy generation, expanding the attack surface and bypassing the skill's intended scope.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The Remotion guidance introduces React/TypeScript code authoring and CLI rendering, which are software-development and execution capabilities outside a text ad-copy assistant's purpose. This is risky because it can lead agents or users into generating and running code pipelines, handling external assets, and producing media outputs without the additional controls expected for code-execution or build tooling.

Vague Triggers

Medium
Confidence: 79%
Finding
The activation text is very broad and includes many generic phrases like 'write me some ads' or 'I need more ad variations', which can match a wide range of normal user requests. Over-broad routing can cause this skill to activate in contexts where a narrower copywriting or policy-aware workflow would be safer, potentially exposing users to inappropriate tool suggestions or off-scope behavior.

Missing User Warnings

Medium
Confidence: 98%
Finding
The voice cloning guidance omits any warning about consent, impersonation, publicity rights, or authorization, despite directly recommending cloned voices for advertising. In ad contexts this is more dangerous because synthetic endorsements and spokesperson imitation can facilitate fraud, deceptive marketing, reputational harm, and legal violations.

Missing User Warnings

Medium
Confidence: 90%
Finding
The Lead Ads section notes a privacy policy text field limit but omits the substantive requirement that this format collects personal data and therefore needs clear user-facing disclosure and compliant data handling. In an ad-creation skill, that omission can cause users to generate lead-gen assets without appropriate privacy messaging or compliance checks, increasing legal, regulatory, and trust risks.

VirusTotal

VirusTotal findings are pending for this skill version.