ClawHub

Generate SaaS Growth Ad Creative Brief

PassAudited by VirusTotal on May 2, 2026.

Overview

Type: OpenClaw Skill Name: toby-generate-saas-growth-ad-creative-brief Version: 1.0.0 The skill bundle requests high-risk 'Bash' tool permissions in SKILL.md, which is unnecessary and over-privileged for its stated purpose of generating marketing creative briefs. There is also a discrepancy between the GitHub repository URLs provided in package.json (TobeyRebecca) and README.md (qiaomucom), which may indicate a poorly maintained or copied template. While no active malicious code or exfiltration logic was found, the broad tool access poses a potential security risk if the agent is prompted to execute shell commands.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ConcernHigh Confidence
ASI02: Tool Misuse and Exploitation
What this means

If invoked, the agent could run local commands or read files even though the task should mostly be text and image-planning work.

Why it was flagged

The skill's stated job is creating an ad creative brief, but it grants shell execution and broad local file-reading capability without instructions that limit when or why those tools should be used.

Skill content
allowed-tools: Bash, Read ... Plan campaign visuals and hooks for saas growth promotions.
Recommendation

Remove Bash unless it is truly required, restrict Read to user-selected campaign assets, and require explicit user approval before any command execution or file access.

ConcernHigh Confidence
ASI04: Agentic Supply Chain Vulnerabilities
What this means

A user following the README could install a different repository or package than the reviewed artifact.

Why it was flagged

The registry identity, README install command, manual GitHub clone URL, and package repository point to different owners or slugs, so the install source is ambiguous.

Skill content
Registry slug: toby-generate-saas-growth-ad-creative-brief; README: clawhub install qiaomu-generate-saas-growth-ad-creative-brief / git clone https://github.com/qiaomucom/generate-saas-growth-ad-creative-brief.git; package.json: https://github.com/TobeyRebecca/generate-saas-growth-ad-creative-brief.git
Recommendation

Verify the exact ClawHub slug and GitHub repository before installing, and align README, registry metadata, and package.json to the same trusted source.