google-ads

SUSPICIOUS: The skill is largely aligned with its Google Ads management purpose and uses official Google API components, so it does not look malicious. Risk comes from two areas: it tells the agent to read raw Google Ads credential files directly, and browser-mode data/actions appear to pass through an OpenClaw relay/gateway, creating intermediary exposure. Overall this is a coherent but medium-risk skill that should require explicit approval before any account changes and should avoid printing raw credential files.