NotFair Google Ads for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

The artifacts describe a coherent NotFair/Google Ads integration, but the plugin can read stored NotFair credentials and invoke high-impact Google Ads tools, so review each approval carefully.

Install this only if you trust NotFair with your connected Google Ads data. Treat any campaign, budget, bid, keyword, ad, or delete action as money-affecting: review the exact proposed change before approving it, and remove stored tokens/config entries when you no longer need the plugin.

VirusTotal

62/62 vendors reported this plugin as clean (no detections).

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If a write-capable tool is approved, it could change campaigns, bids, budgets, keywords, ads, or other Google Ads account state.

Why it was flagged

The skill exposes a broad pass-through to NotFair Google Ads tools, including write-capable operations, while instructing the agent to obtain explicit approval before writes.

Skill content
- notfair_google_ads_tool - call a specific NotFair MCP tool by exact name and JSON arguments.

- Any Google Ads write must be explicitly approved by the user before execution.
Recommendation

Before approving a write, review the exact tool name, arguments, affected account, budget/spend impact, and whether the change can be paused, drafted, or reversed.
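A pre-execution gate that produces the review record described above, added here as an example; it is not code from the NotFair plugin or OpenClaw. This page does not list the actual NotFair MCP tool names, so the write-verb list, the money-related field names, and the customer_id argument name are assumptions to be replaced with the real tool inventory. Unknown or ambiguous names are treated as writes, which is the safe direction for a money-affecting tool.

```javascript
// Added example, not code from the NotFair plugin or OpenClaw: gate a
// notfair_google_ads_tool call so that writes need an explicit prior approval
// of the exact tool name and JSON arguments.

// Assumption: verbs that change account state. Replace with the real tool list
// once it is known (e.g. from the MCP tool inventory).
const WRITE_VERBS = ["create", "update", "set", "mutate", "delete", "remove",
                     "pause", "enable", "add", "apply"];
// Assumption: argument keys whose presence means spend is affected.
const MONEY_FIELDS = ["budget", "bid", "amount_micros", "cpc", "daily_budget"];

// A tool counts as a write if any snake/kebab/dot token is a write verb, or the
// camelCase name starts with one. False positives only cost an approval prompt.
function isWriteTool(name) {
  const lower = String(name).toLowerCase();
  const tokens = lower.split(/[_\-.]/);
  return WRITE_VERBS.some(v => tokens.includes(v) || lower.startsWith(v));
}

// Walk the JSON arguments and collect dotted paths of money-related keys.
function findMoneyFields(args, prefix = "") {
  const hits = [];
  if (args && typeof args === "object") {
    for (const [k, v] of Object.entries(args)) {
      const p = prefix ? `${prefix}.${k}` : k;
      if (MONEY_FIELDS.some(f => k.toLowerCase().includes(f))) hits.push(p);
      hits.push(...findMoneyFields(v, p));
    }
  }
  return hits;
}

// Build the record a user should see, and decide whether the call may run now.
// Reads pass; writes run only if this exact (name, args) pair was approved.
function reviewToolCall(call, approvedCallIds = new Set()) {
  const { name, args = {} } = call;
  const write = isWriteTool(name);
  const argsJson = JSON.stringify(args);
  const callId = `${name}:${argsJson}`;
  return {
    tool: name,
    write,
    customerId: args.customer_id ?? args.customerId ?? null, // assumed field name
    moneyFields: findMoneyFields(args),
    argsJson,
    callId,
    allowed: !write || approvedCallIds.has(callId),
  };
}
```

Approve by callId rather than by tool name: the same write tool with different arguments (another customer id, a larger budget) is a different change and should be reviewed again.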

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone who can read the stored token/config can use the connected NotFair/Google Ads integration with that token's permissions.

Why it was flagged

The plugin uses delegated NotFair credentials to access the hosted MCP service and stores sensitive token material in OpenClaw plugin configuration.

Skill content
"accessToken": { "label": "Access Token", "sensitive": true },
"apiKey": { "label": "API Key", "sensitive": true, "help": "Optional Bearer token for headless use. Set with openclaw notfair login --token." }
Recommendation

Use a dedicated NotFair token where possible, protect ~/.openclaw/openclaw.json, and run logout or remove the token if you no longer need the integration.

ASI05: Unexpected Code Execution
Low
What this means

User- or agent-authored JavaScript runs on NotFair's side against live advertising data. The skill describes it as read-only, but this static review did not verify that the execution environment enforces that.

Why it was flagged

The runScript tool accepts JavaScript source for server-side Google Ads analysis. The artifacts describe this as read-only and central to the diagnostic purpose; since ClawScan does not execute the skill or run runtime probes, that description is taken from the skill text and is not independently confirmed.

Skill content
description: "JavaScript source. Top-level await is supported by NotFair's runScript tool."
Recommendation

Run scripts only for diagnostics you understand, avoid including unnecessary sensitive data in script code, and reserve write operations for explicitly approved tools.

ASI10: Rogue Agents
Low
What this means

After login/setup, the plugin may remain enabled and available to the agent until the user removes it or edits configuration.

Why it was flagged

The plugin can persistently add itself to OpenClaw plugin/tool allow lists. The permission metadata says this is to keep the plugin enabled across restarts, and the change is scoped to this plugin.

Skill content
if (!allow.includes(PLUGIN_ID)) { allow.push(PLUGIN_ID); raw.plugins.allow = allow; }
...
if (!alsoAllow.includes(PLUGIN_ID)) { alsoAllow.push(PLUGIN_ID); raw.tools.alsoAllow = alsoAllow; }
Recommendation

If you stop using NotFair, run the plugin logout/removal flow and check OpenClaw configuration for the openclaw-notfair allow-list entries.