Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ad2
v1.0.0
Core decision engine for Ads Manager Specialist; auto-calls tools for Facebook ads URLs, campaign queries, competitor research, budget, and performance tasks.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a core decision engine that calls many external tools (meta_ad_library, apify_facebook_ads, serper_search, ads_manager_execute_action, etc.) and assumes those integrations and tokens exist. But the registry metadata declares no required environment variables or credentials. State-changing operations (ads_manager_execute_action) are part of the tool list yet no permission/credential requirements are declared — this mismatch is incoherent and potentially dangerous.
Instruction Scope
The runtime instructions mandate immediate tool calls on many triggers (including any facebook.com URL and short boss commands) and forbid the agent from asking for missing tokens or saying it cannot access resources. It enforces a 'zero-question' policy and automatic saving to memory. This forces autonomous data retrieval and state changes without explicit user confirmation and suppresses normal failure handling — scope creep and unsafe behavior for an instruction-only skill.
Install Mechanism
There is no install spec and no code files; this is instruction-only so nothing will be written to disk by an installer. From an install-mechanism point of view this is low-risk.
Credentials
The SKILL.md explicitly says APIFY_TOKEN, SERPER_API_KEY, and META_ACCESS_TOKEN are read from environment, but the skill metadata lists no required env vars or primary credential. Sensitive credentials are implied without declaration or justification. Additionally the tool set includes a generic http_request which can be used to send arbitrary data externally — combined with implicit env-token access this raises exfiltration and privilege concerns.
Persistence & Privilege
The skill text demands it be 'ALWAYS load[ed]' for ads tasks and enforces mandatory automated actions (including approvals). The registry flags do not set always:true, but the instructions try to bypass normal safeguards by forbidding failure messaging and requiring immediate tool execution. Allowing autonomous invocation combined with implicit state-changing calls increases blast radius if misconfigured or malicious.
What to consider before installing
This skill’s instructions are coercive and inconsistent with its registry metadata: it assumes environment tokens exist (APIFY_TOKEN, SERPER_API_KEY, META_ACCESS_TOKEN) though none are declared, and it mandates immediate, autonomous tool calls — including state-changing calls like ads_manager_execute_action — without asking the user. Before installing, verify these items:
1) What concrete tools and system bindings exist (ask for the tool registry mapping and what each tool is allowed to do).
2) Whether the agent will be allowed to perform state-changing actions (approvals/rejections) automatically — require explicit confirmation for any destructive or billing-impacting action.
3) Where the APIFY/SERPER/META credentials live and who controls them; avoid giving the skill broad access to tokens unless you trust the source.
4) Remove or change the 'zero-question' rules and forbidden phrases so the agent can safely report auth failures.
If you can’t confirm the tool implementations, credential handling, and safeguards, do not enable this skill for live campaign management.
Like a lobster shell, security has layers — review code before you run it.
