Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
eBay Advertising
v1.0.0Set up and optimize eBay Promoted Listings and Offsite Ads with bidding, budget, targeting, and performance analysis for improved ROI.
⭐ 0· 35·0 current·0 all-time
bynexscope-ai@nexscope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill promises to 'set up' and optimize eBay campaigns (which normally requires account access and API/auth credentials), but the registry metadata and SKILL.md declare no required credentials or config paths. That suggests the skill can only provide advisory recommendations, not perform account actions — a mismatch between user-facing wording and what is actually requested. Additionally, SKILL.md claims a maintainer (Nexscope) and provides an install command, but the registry lists no source or homepage.
Instruction Scope
SKILL.md contains only advisory runtime instructions (campaign strategies, metrics, examples) and does not direct the agent to read local files, environment variables, or external endpoints. This keeps runtime scope limited to providing recommendations. However, some usage examples imply taking action on a user's account (e.g., 'Set up Promoted Listings campaigns for my top eBay products'), which is misleading given the lack of credential access.
Install Mechanism
The registry lists no install spec, but SKILL.md shows an 'Install' line: 'npx skills add nexscope/ebay-advertising'. That implies fetching and running remote code (via npm/npx) from an external publisher. Because there's no declared install spec or source URL in the registry metadata, this is an inconsistency and increases risk: running the referenced npx command would execute code from a remote package whose origin and contents are not documented here.
Credentials
No environment variables, credentials, or config paths are required. For a purely advisory skill this is reasonable, but given the advertised capability to 'set up' campaigns and the presence of an install command, the lack of any eBay credential requirements (OAuth tokens, API keys, seller account access) is disproportionate and ambiguous about whether the skill will act on user accounts or only provide guidance.
Persistence & Privilege
The skill does not request always: true and has no install spec that writes to disk in the registry metadata. It is user-invocable and allows model invocation (normal default). There is no evidence it attempts to modify other skills or system-wide configuration.
What to consider before installing
This skill appears to be an advisory, instruction-only helper for eBay advertising, but there are several unclear points you should consider before installing or running anything: 1) It claims to be able to 'set up' campaigns but declares no eBay credentials — if you expect automated changes to your account, this skill cannot do that as-is. 2) SKILL.md includes an 'npx skills add nexscope/ebay-advertising' install line, but the registry has no install spec or source URL; running that npx command would fetch remote code. Only run such commands after verifying the package on npm/GitHub and the publisher's identity. 3) There is no homepage or source listed; verify Nexscope's site and repository and inspect the package contents before installing. 4) If you plan to grant account access later, ask the publisher for explicit details about what credentials are required and how they are used/stored. If you only want recommendations, this skill may be fine; if you expect automated account actions, request clarification or a skill that declares the necessary OAuth/API requirements and provides a verifiable source.Like a lobster shell, security has layers — review code before you run it.
latestvk975jez8pfzwn0hbrs449q8p25840ww3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.