v1.0.0

My Admapix

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:18 AM.

Analysis

The skill is mostly aligned with AdMapix analytics, but it needs review because it stores an API key and automatically routes complex requests to a server-side AI service that hosts shareable reports.

GuidanceInstall only if you are comfortable giving the skill an AdMapix API key and sending complex analysis requests to AdMapix’s server-side research/report service. Use a dedicated key, avoid confidential prompts unless you trust the service, and ask for confirmation before Deep Research or shareable report generation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none

The registry metadata does not provide a verified source or homepage for the package, which weakens provenance for a credential-using integration.

User impactIt is harder to independently verify who maintains the skill and whether the registry package matches the advertised project.

RecommendationVerify the publisher and repository link before installing, especially before configuring an API key.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

Auth header: `X-API-Key: $ADMAPIX_API_KEY` ... `openclaw config set skills.entries.admapix.apiKey "{KEY}"`

The skill uses and persists an AdMapix API key for authenticated API access. This is expected for the service, but it gives the skill access to the user’s AdMapix API account.

User impactAnyone using this skill through your configured assistant may be able to make AdMapix API requests under your key.

RecommendationUse a dedicated, revocable AdMapix API key with the least permissions available, and do not paste unrelated secrets into the chat.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusConcern

README.md

“server-side AI research engine” ... “autonomously plans and executes a multi-step investigation — orchestrating dozens of API calls” ... “Reports are hosted and shareable via link.”

Complex queries are routed to an external AI/reporting service that can perform many API calls and publish a hosted report, but the artifacts do not define report access controls, retention, or a separate approval step before hosting.

User impactYour complex prompts and resulting analysis may leave the local assistant and be stored as a shareable web report.

RecommendationAvoid putting confidential business details in prompts unless you trust AdMapix’s report hosting controls; ask the assistant to confirm before using Deep Research or generating shareable pages.