Eonik Agent

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate Eonik marketing integration, but it can use an API key to create or launch ads in live accounts without clear confirmation gates or scope limits.

Install only if you trust Eonik with your advertising account data and understand that this skill can call external services using your EONIK_API_KEY. Use the lowest-privilege key available, avoid granting launch or spend authority unless needed, and require manual review before any ad creation, deployment, or campaign launch action.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings (Severity: Medium, Confidence: 88%)
The README explicitly states the skill can 'launch new ad variations directly into your ad accounts' without any adjacent warning that this modifies live external systems and could spend money or alter campaign state. In an agent-skill context, users may allow automated command execution, so unclear safety boundaries increase the risk of unintended destructive or costly actions.

Missing User Warnings (Severity: Low, Confidence: 84%)
The README instructs users to export an API key but does not provide basic credential-handling guidance such as avoiding shell history leakage, not hardcoding keys, and rotating compromised secrets. In agent environments, poor secret-handling instructions can lead to accidental exposure of credentials that authorize access to sensitive marketing and deployment operations.

Vague Triggers (Severity: Medium, Confidence: 90%)
The trigger condition is overly broad: 'when a user triggers this skill or asks for marketing/ad tasks' can match generic requests and cause automatic use of external tooling. In this skill, that broad routing is more dangerous because the available tools include campaign launch and data-fetching actions, not just read-only analysis.

Missing User Warnings (Severity: Medium, Confidence: 91%)
The description and instructions emphasize end-to-end campaign management and automated deployment without a prominent warning that the skill can perform live ad-launching actions. Users may reasonably interpret this as advisory functionality and not expect the agent to initiate operational changes on advertising platforms.

Missing User Warnings (Severity: Medium, Confidence: 93%)
The execution instructions tell the agent to run a wrapper that connects to api.eonik.ai, but they do not warn that user prompts, marketing/account identifiers, and derived campaign data may be transmitted to an external service. This omission weakens informed consent and can expose sensitive business information unexpectedly.

Vague Triggers (Severity: Medium, Confidence: 88%)
The trigger phrase at line 20 is broad enough to activate the skill from common user requests without clearly signaling that a third-party advertising/deployment capability will be invoked. This can cause unintended invocation of a powerful marketing automation skill, increasing the chance of surprising actions or credential-backed API use without clear user intent.

Vague Triggers (Severity: Medium, Confidence: 84%)
The trigger phrase at line 22 is ambiguous and resembles an ordinary request that could arise in many contexts, making accidental activation more likely. In this skill's context, accidental invocation is more concerning because the skill is positioned to analyze ads, generate briefs, and potentially deploy campaigns via an external MCP-backed service.

Vague Triggers (Severity: Medium, Confidence: 93%)
The manifest requires an API credential but provides no user-facing warning in the manifest about how that credential will be used, what data may be sent externally, or what actions the service can perform. Given that the skill's stated capabilities include ad creation and deployment, undisclosed credential use could lead to external data exposure, unauthorized third-party API operations, or unintended campaign changes.

VirusTotal

65/65 vendors flagged this skill as clean.