
Security audit

Super Admapix

Security checks across malware telemetry and agentic risk

Overview

This skill matches its ad analytics purpose, but it handles API keys and hosted deep-research reports in ways users should review carefully before installing.

Install only if you are comfortable with AdMapix receiving your API key and business queries for both normal API calls and automatic Deep Research. Prefer secure configuration over pasting keys into chat, avoid sensitive proprietary prompts unless hosted shareable reports are acceptable, and review whether Deep Research can be disabled or made opt-in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill instructs the agent to write a user-supplied API key into local configuration via `openclaw config set`, which is a privileged state-changing action unrelated to merely querying ad intelligence data. This can persist secrets beyond the current session, modify host configuration without explicit consent, and creates a path for credential capture or misuse if the skill content is adversarial or the environment is shared.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill sends both the user's query and the raw AdMapix API key to `deepresearch.admapix.com`, a separate backend not described as the primary API surface. Forwarding credentials to an additional service materially expands the trust boundary and could enable credential theft, unauthorized reuse, or secondary processing of user data outside the expected AdMapix API interaction.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest presents a narrow ad analytics skill, but the instructions add external task submission, polling, and report retrieval from a separate research backend. This mismatch undermines transparency and informed consent, making it easier to conceal broader data flows and privileged operations than users would reasonably expect from the declared skill purpose.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The README states that Deep Research is triggered by broad conditions such as 'any question requiring 2+ API calls or cross-entity reasoning,' which can cause users to invoke a more autonomous server-side workflow than they intended. In a skill that performs external data retrieval and generates hosted reports, this increases the risk of unexpected data processing, higher-cost operations, and sending sensitive user queries into a more expansive analysis pipeline without explicit confirmation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README advertises structured HTML reports that are 'hosted and shareable via link' but does not warn users that their query content, derived analysis, or potentially sensitive business intelligence may be stored externally and exposed through shared URLs. In this skill context, users may submit confidential competitive strategy questions or proprietary app-marketing analysis, so omission of hosting and retention details meaningfully increases privacy and data-leakage risk.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The README states that any question requiring more than two API calls will automatically trigger a deeper server-side research workflow, which is a broad and implicit escalation rule. This can cause users' seemingly routine requests to be processed by a more powerful backend path than expected, increasing data exposure, cost, and unintended side effects without explicit user confirmation.

Vague Triggers

Low
Confidence
74% confidence
Finding
The documentation encourages users to speak directly to the AI assistant using broad natural-language prompts, but does not clearly define which requests stay local versus which invoke more capable remote processing. This ambiguity can lead to accidental triggering of higher-scope operations and unexpected transmission of user queries to backend systems.

Missing User Warnings

High
Confidence
94% confidence
Finding
The README describes a server-side AI research engine that autonomously plans multi-step analysis and produces online-hosted, shareable HTML reports, but it does not prominently warn users that complex prompts may be sent off-platform and persisted in a shareable form. This creates a meaningful confidentiality risk if users include sensitive business data, internal strategy, or proprietary app intelligence in their queries.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill directs the agent to automatically persist a pasted API key without warning the user that local configuration will be modified. Silent state changes involving secrets are dangerous because users may think they are providing input for a one-time request, while the agent is actually storing credentials for future use or exposure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation defines a `delivery` object containing `externalUserId` for H5 page generation context but provides no guidance on minimization, consent, retention, or restrictions on sending direct identifiers to a third-party API. This creates a realistic privacy and data-handling risk because integrators may transmit raw user identifiers into externally hosted page-generation workflows without understanding the exposure.

Ssd 3

High
Confidence
96% confidence
Finding
The skill normalizes having users paste API keys directly into chat and then using those secrets operationally. Collecting credentials through conversational text greatly increases the risk of accidental logging, retention, replay, or exposure to other tools and services in the agent pipeline.

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:157