Back to skill

Security audit

Skill Amazon Ads Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Amazon Ads reporting skill, but it needs careful handling because it uses sensitive ad-account credentials and can export data to a chosen file.

Install only if you intend to let an OpenClaw agent access your Amazon Ads profile and campaign data. Keep amazon-ads-api.json private, store it outside shared repositories when possible, add it to .gitignore, use restrictive file permissions, rotate the refresh token if exposed, and review any --out path before allowing exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation indicates use of environment variables and outbound network access to the Amazon Ads API, but no permissions are declared in the skill metadata. This creates a transparency and policy-enforcement gap: users and orchestrators cannot accurately evaluate or constrain what the skill can access before running it.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to place highly sensitive Amazon Ads credentials, including a client secret and long-lived refresh token, into a local JSON file without any warning about secure storage, .gitignore protection, or avoiding commits to source control. In an agent-skill context, copy-pasteable credential examples are especially risky because users commonly keep skills in repos or shared workspaces, making accidental exposure of advertiser account access more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions tell users to place a client secret and refresh token in a local JSON file without any warning about secure storage, file permissions, or exclusion from version control. These credentials grant API access to advertiser data and campaign operations, so accidental disclosure could lead to unauthorized read access or campaign manipulation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/ads.js:12

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/ads.js:32