Skill v0.2.0

ClawScan security

Openclaw Google Ads · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 8:03 PM
Verdict
Review
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and docs match a Google Ads reporting utility, but the registry metadata omits the many Google Ads credentials the scripts need and one script prints a refresh token to stdout — these inconsistencies warrant caution before install.
Guidance
This skill appears to be a legitimate Google Ads reporting/audit utility, but exercise caution before installing or running it:

- The registry metadata does NOT declare the environment variables the scripts actually require. Expect to need at least: GOOGLE_ADS_DEVELOPER_TOKEN, GOOGLE_ADS_CLIENT_ID, GOOGLE_ADS_CLIENT_SECRET, GOOGLE_ADS_REFRESH_TOKEN, and optionally manager/client account IDs. Treat these as sensitive and provide them via your secure runtime secret injection, not by pasting them into files.
- The authenticate.py script prints the refresh token to stdout so you can copy it into secure storage. Do not run it in a context where console output is captured or sent to chat/logs you don't control. Prefer running it in a secure terminal and immediately storing the token in your vault.
- Review the code (it's short and included) and confirm you trust the unknown publisher and the environment where you will run it; the repo has no homepage/source contact. Verify your logging and agent capture settings to ensure tokens and PII are not accidentally forwarded.
- Install dependencies (requirements.txt) in an isolated environment if you decide to run anything. Consider running the read-only scripts first (get_account_summary, gaql_query) and require explicit human approval before making any live changes.

If you want higher assurance, ask the publisher to update the registry metadata to list the required env vars and to change authenticate.py so it does not print secrets directly (for example, prompt to store the token in a secure credential store instead).

Review Dimensions

Purpose & Capability
Concern: The skill's name, SKILL.md, references, and scripts consistently implement Google Ads reporting and GAQL querying. However, the registry metadata lists no required environment variables or primary credential, while the included references and scripts clearly expect Google Ads credentials (developer token, client ID/secret, refresh token, optional manager/client IDs). The metadata omission is an incoherence that could mislead users about what secrets the skill needs.
Instruction Scope
Note: SKILL.md gives scoped, read-first instructions and requires explicit approval for live changes. It correctly points to reference docs and scripts for repeatable queries. One risk: scripts/authenticate.py prints the obtained refresh token to stdout (so an operator can copy it), which contradicts the 'never expose tokens' safety rule in the docs and could leak tokens to logs or chat if the agent captures console output. The browser fallback is restricted in the docs and is reasonable when API access is unavailable.
Install Mechanism
OK: This is instruction-only (no install spec). There is a requirements.txt (google-ads and google-auth packages), but installation would be a standard pip install by the operator. No arbitrary downloads or extract steps are specified.
Credentials
Concern: The skill requires multiple sensitive environment variables (GOOGLE_ADS_DEVELOPER_TOKEN, GOOGLE_ADS_CLIENT_ID, GOOGLE_ADS_CLIENT_SECRET, GOOGLE_ADS_REFRESH_TOKEN, optional account IDs and login_customer_id), as documented in references/api-setup.md and used by the scripts. The registry metadata incorrectly lists no required env vars or primary credential. Requesting these Google Ads secrets is proportionate to the skill's purpose, but the metadata omission is a material mismatch and increases the risk of accidental exposure or misuse.
Persistence & Privilege
OK: always is set to false, and the skill does not request system-wide persistence or attempt to modify other skills or agent settings. The skill runs as-needed scripts and does not claim permanent elevated privileges.