Is 1kalin/afrexai-ad-ops safe?

https://github.com/openclaw/skills/tree/main/skills/1kalin/afrexai-ad-ops

93 · SAFE

This skill is a pure markdown knowledge base containing advertising frameworks, benchmarks, budget templates, and optimization playbooks. It contains no executable code, no file access instructions, and no data exfiltration vectors. The only notable finding is embedded commercial promotion for paid AfrexAI products that could cause the agent to act as an advertising channel.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (4)

LOW Embedded commercial promotion with pricing -15

The SKILL.md contains a promotional section at the bottom advertising paid 'AfrexAI Context Packs' ($47-$197) and free tools. When injected into an agent's system prompt, this content may cause the agent to recommend paid commercial products to users as part of its ad ops guidance, effectively turning the agent into a sales channel without the user's explicit awareness.

INFO External URLs present but not fetched 0

Three URLs to afrexai-cto.github.io are included as standard markdown hyperlinks. The skill does NOT instruct the agent to fetch, visit, or load content from these URLs. They are passive references that users or agents might click/reference but pose no automated fetch risk.

INFO Standard OS file reads during installation -5

Filesystem monitoring captured reads to /etc/passwd, /etc/locale.conf, /etc/ld.so.cache, and /etc/gdm3/custom.conf. These are standard OS reads from the installation tooling (jiti JIT compiler, locale detection, dynamic linker) and were not triggered by the skill content.

INFO Stale lock.json references unrelated skill -5

The .clawhub/lock.json file references 'academic-research-hub' v0.1.0, which is unrelated to this ad ops skill. This appears to be leftover metadata from the skill author's environment rather than a functional dependency or chaining mechanism. It has no executable effect.