Openclaw Ai Marketing
Security checks across malware telemetry and agentic risk
Overview
This instruction-only marketing skill is coherent, but it pushes agents toward real public publishing, lifecycle email sends, cohort actions, and writebacks without clear approval or account boundaries.
Install only if you intend to let an agent coordinate real marketing operations. Configure it to draft or audit by default, require explicit approval for every public post, blog publish, lifecycle send, cohort action, and writeback, and use least-privilege accounts limited to the intended channels and audiences. Keep credentials, customer identifiers, private campaign strategy, and reusable receipts out of shared skill files.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.