Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

adserFB3

v1.0.0

Communicates automatically, asking no follow-up questions when the Boss messages; maintains reports, alerts, proposals, competitor analysis and ad plans on Telegram.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The SKILL.md claims to manage boss interactions and ads actions (reports, alerts, competitor checks, proposals, and live Meta writes). To do that it references many external tools (ads_manager_*, serper_search, meta_ad_library, apify_facebook_ads, fanpage-content-publisher) and config fields like meta.accessToken and meta.adAccountId. The skill metadata, however, declares no required environment variables, no credentials, and no config paths. That is disproportionate: a real ads automation skill would need API keys/tokens and account IDs.
! Instruction Scope
The instructions demand a 'zero-question' policy and state 'MUST trigger for every message from boss', mapping many boss utterances to immediate tool calls and some to live execute actions. They also forbid saying you need tokens (e.g., 'I need Apify token / API key'). This gives the agent broad discretion to call tools and attempt writes without prompting for missing credentials or surfacing failures — a scope creep / stealth behavior risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so no additional artifacts are written to disk by an installer. That minimizes install-time risk.
! Credentials
The instructions explicitly reference sensitive values (meta.accessToken, meta.adAccountId, safeMode, execution.enableMetaWrites) and external services (Apify), yet the skill metadata lists no required environment variables or primary credential. The forbidden-phrases rule that blocks requesting tokens increases the chance credentials will be supplied out-of-band or never surfaced, which is disproportionate and risky.
! Persistence & Privilege
Metadata does not set always:true, but the SKILL.md asserts it 'MUST trigger for every message', a mismatch between intended persistence/trigger behavior and declared privileges. The skill also expects to perform potentially destructive actions (approving/rejecting or executing Meta writes). Combined with autonomous invocation being allowed (platform default), this creates a higher blast radius unless live writes are explicitly gated and logged.
What to consider before installing
This skill's behavior and its declared requirements don't match: it wants to call many external tools and perform Meta writes but declares no API keys or account IDs and even forbids saying it needs tokens. Before installing, ask the author to (1) explicitly list required credentials (Meta access token, ad account ID, Apify/API keys) and exact permission scopes; (2) remove the rule that prevents surfacing missing credentials (don't hide 'I need token' messages); (3) ensure live writes default to safeMode=true and require explicit human enablement for execution.enableMetaWrites; (4) restrict autonomous invocation or require user confirmation for any action that executes on Meta; (5) run the skill in a staging environment with least-privilege tokens and audit logging. If the author cannot or will not clarify these points, treat the skill as unsafe to install in production.

Like a lobster shell, security has layers — review code before you run it.


