Ecommerce Ad Copy Generator Free

Security checks across malware telemetry and agentic risk

Overview

This skill locally generates ecommerce ad copy and includes a disclosed premium upgrade link, with no evidence of automatic charging, persistence, or hidden data access.

Use the free generator normally, but verify the payment domain and publisher before following any premium link. Do not provide SkillPay API keys or enable charge endpoints unless a later version clearly documents the billing flow and requires explicit approval before charging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence: 95%
Finding
The contract adds billing and payment-redirection behavior to a skill described as a free ad-copy generator, creating a material mismatch between stated functionality and actual capability. In an agent context, hidden charge flows are dangerous because they can enable unauthorized billing, deceptive monetization, or phishing-style payment redirects under the guise of a benign content task.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
A standalone capability to charge users and send them to payment or top-up URLs is not necessary for basic ad-copy generation and expands the skill's authority into financial operations. That broad capability is risky because a compromised or misleading skill could invoke payment behavior unrelated to the user's request, causing financial loss or directing users to attacker-controlled payment pages.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill advertises itself as a free ad copy generator, but it also constructs upgrade/payment links using a user-controlled identifier and returns them in normal output. This introduces monetization behavior and external payment redirection that is not necessary for the stated function, increasing phishing, tracking, and unexpected billing-flow risk in an otherwise content-generation tool.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
Reading billing-related environment variables in a simple ad-copy generator expands the skill's privilege and behavior beyond its declared purpose. If environment configuration is manipulated or points to an attacker-controlled endpoint, the skill can emit untrusted payment URLs to users, creating a redirection or monetization-abuse vector.

Missing User Warnings

Medium
Confidence: 90%
Finding
The contract describes charging and redirecting users to payment/top-up URLs but provides no user-facing warning, consent, or confirmation guidance. Without explicit consent requirements, an agent could initiate or nudge payment flows unexpectedly, which is especially dangerous given the skill is marketed as free and non-financial.

VirusTotal

66/66 vendors flagged this skill as clean.
