Ad Campaign Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it describes automatically changing paid ad campaigns without enough safety controls or clear permission scoping.

Review carefully before installing. Do not connect real advertising accounts unless you can enforce account scoping and hard budget limits, preview every proposed change, and require manual approval before creating ads, launching tests, changing targeting, or increasing spend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly promotes automatic ad creation, A/B testing, and optimization across live advertising platforms but provides no guardrails, approval workflow, simulation mode, or warning that these actions can directly change spend, targeting, and campaign state. In an agent setting, this can lead to unintended budget consumption, policy violations, or harmful campaign changes if the model acts on ambiguous prompts or the wrong account.

VirusTotal

65/65 vendors flagged this skill as clean.
