AI Marketing Automation
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ai-marketing-automation Version: 1.0.0 The skill bundle contains only metadata and promotional documentation (SKILL.md, package.json, _meta.json) without any executable code or logic. The documentation describes marketing automation features and provides contact information, but lacks any indicators of data exfiltration, malicious execution, or prompt injection. The primary functional file (index.js) is referenced in package.json but is not present in the provided content.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed as written, the agent could create or modify paid advertising campaigns and shift budget without enough user review.
The skill instructs campaign creation and automatic budget adjustment for paid advertising platforms, but does not specify approval gates, spending limits, rollback, or safe execution boundaries.
✅ 自动投放 - 微信/抖音/小红书/百度多渠道自动投放 ✅ ROI 优化 - 实时调整预算分配,最大化 ROI ... openclaw run --create-campaign --config campaign.yaml
Require explicit user approval before launching campaigns, changing budgets, publishing creatives, or modifying targeting; define per-channel budget caps, dry-run previews, audit logs, and rollback steps.
Users cannot tell which ad accounts, tokens, or privileges the skill expects to use, making it hard to constrain spend and account access.
The skill advertises WeChat, Douyin, Xiaohongshu, and Baidu ad campaign automation, which normally requires account credentials or delegated permissions, but the metadata declares no credential source or permission scope.
Required env vars: none Env var declarations: none Primary credential: none Required config paths: none
Declare the required advertising-platform credentials, scopes, account IDs, and permission boundaries; use least-privilege tokens and require users to choose the exact accounts and budgets.
The advertised automation may not be implemented in the reviewed artifacts, and users cannot inspect integration logic before trusting it with ad operations.
The package points to an index.js entrypoint, but the provided manifest contains only SKILL.md and package.json. The skill is therefore effectively instruction-only, and its claimed implementation is not reviewable here.
"main": "index.js"
Ask the publisher for the complete implementation, provenance, and platform-integration details before using it for real advertising accounts.
A bad configuration, creative, targeting choice, or optimization decision could affect multiple advertising platforms at once.
The example configuration enables multi-channel automatic optimization from one campaign configuration, but does not define containment such as per-channel caps, staged rollout, or failure isolation.
channels: - wechat_ads - douyin_ads - xiaohongshu_ads - baidu_ads ... budget: daily: 1000 strategy: auto_optimize
Use staged rollouts, per-platform approval, separate budget caps, monitoring alerts, and an emergency stop mechanism.
Users may be tempted to grant account or budget control based on unverified performance claims.
The skill uses strong ROI and customer-case claims without supporting evidence in the artifacts. This is not proof of malicious intent, but it may encourage over-trusting high-impact automation.
营销自动化,ROI 提升 3 倍。 ... ROI:从 1.8 提升至 3.2 ... 安装配置服务:¥499 起,3 小时搞定!
Verify claims independently and test only with small, capped budgets before any production campaign use.