Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
adserFB1
v1.0.0
Telegram-first ads operations assistant for reporting, budget pacing, proposals, and competitor notes.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (Telegram-first ads ops assistant) is plausible, but the SKILL.md expects use of multiple external tools (serper_search, meta_ad_library, apify_facebook_ads, http_request, Playwright scrapes) and refers to plugin config. The registry shows no required env vars, binaries, or config paths; that is inconsistent with the external services and scraping behavior the skill describes.
Instruction Scope
Runtime instructions repeatedly direct the agent to call external tools, explicitly state 'NEVER say "I cannot access external data"', and tell the agent to use http_request to call any REST API. The skill references environment variables (SERPER_API_KEY, APIFY_TOKEN, META_ACCESS_TOKEN) and scraping via Playwright, none of which are declared. The instructions therefore grant the agent broad discretion to access external endpoints and potentially transmit data, which is beyond what the description justifies.
Install Mechanism
There is no install spec and no code files (instruction-only), so nothing will be written to disk by the skill itself. That lowers direct supply-chain risk. However, the instructions expect runtime tools (Playwright, Apify connectors) to exist in the agent environment.
Credentials
The registry lists no required environment variables, yet SKILL.md names multiple sensitive tokens (SERPER_API_KEY, APIFY_TOKEN, META_ACCESS_TOKEN) and refers to plugin config-based credentials. Requesting or using these keys would be proportionate for the described integrations, but the omission from the declared requirements is an incoherence and a red flag: the skill could attempt to use secrets that the user is not informed about.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (defaults). Autonomous invocation is allowed (default). That alone is not a problem, but combined with the instruction to always call external APIs and the undeclared credential needs, it increases the potential blast radius if the agent is allowed to run this skill without restrictions.
What to consider before installing
This skill's instructions expect several external API keys and scraping tooling but the package metadata declares none, which is an incoherence. Before installing or enabling:
(1) Ask the author to declare exactly which environment variables/credentials the skill needs and why.
(2) Confirm which agent tools (serper_search, apify_facebook_ads, meta_ad_library, http_request, Playwright) are actually available in your agent runtime and what permissions they have.
(3) Do NOT provide global secrets (AWS/GitHub/etc.); only supply per-service API keys if you trust the source and understand scope.
(4) Prefer running the skill in a sandbox or with explicit prompts/approvals for any external HTTP calls (especially http_request) to avoid silent exfiltration.
(5) If you cannot verify the source and required credentials, avoid installing or limit the skill to read-only, manual-invocation mode.
Like a lobster shell, security has layers — review code before you run it.
