ClawHub

Apple Search Ads

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it gives an agent live Apple Search Ads account-changing power without enough built-in safety guidance.

Install only if you trust the asa-cli binary and are comfortable letting the agent operate your Apple Search Ads account. Use least-privileged credentials, protect ~/.asa-cli files, verify the selected profile and org ID, and require manual approval before any command that creates, updates, deletes, changes status, changes bids, or changes budgets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents destructive commands for campaigns, ad groups, and keywords, but provides no guardrails such as explicit confirmation requirements, dry-run guidance, or warnings to verify identifiers before deletion. In an agent-driven workflow, this increases the chance of accidental destructive actions against live advertising assets, especially because the skill is specifically designed for campaign management and exposes deletion as a normal operation.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The skill advertises `--verbose` as showing HTTP request/response details without warning that these logs may contain sensitive operational data, request metadata, identifiers, or possibly authentication-related information depending on CLI behavior. Because the skill also covers authentication and ad account management, encouraging verbose output without sanitization guidance can lead to inadvertent exposure in agent logs, transcripts, or shared terminals.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal