openclaw-marketing-skills

Medium-risk but not clearly malicious. The documented purpose matches marketing and ads/SEO connector capabilities, and API endpoints appear official. Main concerns are transitive skill installation from a third-party repo, mixed publisher identity, and local raw credential-file handling in .agents. This is better classified as suspicious/vulnerable than benign, but there is no strong evidence of malware or overt exfiltration.