openclaw-marketing-skills

Warn

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions recommend installation via clawhub and git clone from a non-trusted repository (LeoYeAI/openclaw-marketing-skills). This involves executing and loading code from an unverified third-party source.
  • [PROMPT_INJECTION]: The skill possesses a high-risk surface for indirect prompt injection because tools like page-cro and seo-audit ingest content from arbitrary external URLs.
      • Ingestion points: SKILL.md (references tools that fetch web content from /pricing, https://example.com/demo, etc.)
      • Boundary markers: Absent from descriptions.
      • Capability inventory: Access to sensitive marketing credentials and API data for Google Ads, Meta Ads, and Search Console.
      • Sanitization: Not documented.
  • [COMMAND_EXECUTION]: The Troubleshooting section provides instructions for users to run arbitrary Python code via the terminal (python -c "...") to test connectivity, which is a command execution pattern.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 12, 2026, 07:44 PM