adspirer-ads-agent
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the 'openclaw-adspirer' plugin via the 'openclaw' CLI. This is a vendor-provided Node.js extension required for ad platform integration and is consistent with the skill's primary function.
- [COMMAND_EXECUTION]: The documentation provides standard CLI commands for user authentication and connection management ('openclaw adspirer login', 'openclaw adspirer connect'). these are intended administrative actions for the Adspirer service.
- [DATA_EXFILTRATION]: The skill connects to authorized domains including 'mcp.adspirer.com' and 'www.adspirer.com' to transmit campaign data and performance metrics. This network activity is documented and necessary for the automation of ad account management.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it can fetch creative assets from external URLs provided by users (e.g., Google Drive, AWS S3). However, the risk is mitigated by explicit safety rules requiring all campaigns to be created in a 'PAUSED' status and mandating user confirmation before any spend-affecting actions are executed.
Audit Metadata