eonik creative audit

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Meta ads audit tool that handles sensitive ad-account data, but its access and outputs are mostly scoped and user-gated.

Install only if you trust eonik to process your Meta ads audit data. Replace the placeholder account ID, keep redaction enabled unless approved, run it from a private channel, protect or delete generated reports, and enable scheduled audits only with documented owner approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill instructs execution of a local Python pipeline with access to environment variables, filesystem, shell, and network, yet the manifest declares no permissions. This mismatch undermines least-privilege review and can cause operators or tooling to approve a skill without understanding that it can read secrets, write reports, and exfiltrate account data over the network.

Context-Inappropriate Capability

Medium

Confidence: 82% confidence
Finding: The documentation encourages recurring automated scans and direct notifications to external messaging platforms, expanding the skill from a one-time audit into persistent monitoring and outbound data sharing. In this context, audit outputs may include sensitive ad IDs, spend, and recommendations, so scheduled unattended delivery increases the chance of oversharing or continued access beyond the user's immediate intent.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The program claims the report was dispatched to an active OpenCLAW channel, but no such dispatch occurs. This is a security-relevant integrity issue because operators may falsely believe results were transmitted to a monitored destination, causing missed alerts, audit gaps, or incorrect incident response assumptions.

Natural-Language Policy Violations

Medium

Confidence: 96% confidence
Finding: This output creates a false assurance that an external reporting action occurred. In an agent or pipeline context, deceptive status messages are dangerous because downstream users may rely on nonexistent notification, escalation, or retention behavior and fail to manually review the local output.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrase "Optimize my Meta ad account" is broad enough to match common user requests and may invoke this skill in situations where the user did not explicitly request the eonik audit workflow. Because the skill requires an API key and appears to initiate an external audit pipeline, overbroad activation can cause unintended external data handling or actions beyond user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal