Back to skill

Security audit

Hopkin – Paid Ads: Meta, TikTok, Google, LinkedIn, Reddit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent read-only advertising data helper, but users must trust the external Hopkin CLI and handle its API key carefully.

Install only if you trust Hopkin and the npm package @hopkin/cli. Prefer a limited-scope API key if Hopkin supports it, avoid pasting keys into shared chats or saved terminal logs, rotate any exposed key, and review Hopkin's local credential storage and caching behavior before querying sensitive ad-account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill directs the agent to perform npm install and update operations even though its stated role is querying advertising data. Expanding scope to package installation introduces unnecessary supply-chain and side-effect risk, because executing global installs or updates can change the host environment and pull untrusted code from the registry.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to ask for an API key and set it via CLI, which gives the skill credential-handling capability beyond simple read-only querying. This is dangerous because secrets may be exposed in chat logs, terminal history, process lists, or tool telemetry, and it normalizes the agent collecting sensitive credentials directly from users.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The skill claims to be read-only and not for modifying campaigns, but elsewhere includes side-effecting operations such as package installation, updates, and auth reconfiguration. This mismatch can mislead operators into trusting the skill as non-invasive when it can still alter the environment and credentials state.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The authentication workflow tells users to provide an API key and shows passing it directly on the command line without warning about credential sensitivity. Command-line secrets can leak through shell history, audit logs, process inspection, screenshots, and transcripts, making credential compromise more likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.