ClawHub
Back to skill
v1.4.0

Product to Ads (Ad-Ready)

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:21 AM.

Analysis

The skill is coherent for generating ad images, but it fetches product pages and uses external AI services, so users should use trusted URLs and approved imagery.

GuidanceThis skill appears purpose-aligned for generating ads. Before using it, make sure you are allowed to scrape the product page and use any product, logo, talent/model, or reference images you provide. Avoid sensitive personal imagery unless you are comfortable sending it through the disclosed ComfyDeploy/Gemini/Imagen-style generation pipeline, and always review generated ads before publishing.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
PHASE 1: Product Scraping (Gemini Flash) ... Scrapes product URL  extracts title, description, features, price, materials, image URLs ... Also scrapes HTML for high-res product images

The skill is designed to fetch and scrape user-provided product pages. This is aligned with the stated purpose, but users should provide trusted URLs and expect page content/images to be used in the generation workflow.

User impactA product page you provide may be accessed and its content/images used to create the ad.
RecommendationUse product URLs you are authorized to use, and review the generated ad before publishing.
Agent Goal Hijack
SeverityLowConfidenceMediumStatusNote
configs/Product_to_Ads/Master_prompt_01_Awareness.json
Analyze these inputs first. They are the immutable laws of physics for this generation. <product_data>{{PRODUCT_JSON}}</product_data>

The downstream prompt gives strong authority to inserted product data. Because the product data comes from user-provided product pages, untrusted or manipulated page content could steer the creative output.

User impactA malicious or inaccurate product page could influence the generated brief, blueprint, or ad creative.
RecommendationPrefer trusted product pages and check the final creative brief and image for accuracy before use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
The pipeline runs as a ComfyUI custom node deployed on ComfyDeploy ... PHASE 1: Product Scraping (Gemini Flash) ... PHASE 4: Image Generation (Nano Banana Pro / Imagen 3) ... Blueprint + all reference images  final ad image

The artifacts disclose that product data and reference images are processed through external AI/provider systems. This is expected for the skill, but it is still a data-sharing consideration.

User impactProduct images, optional model/talent images, brand context, and reference images may be processed by external services.
RecommendationOnly provide images and brand materials you have permission to use, and avoid private or sensitive imagery unless you are comfortable with the provider workflow.