Is marketing-mode safe?
https://clawhub.ai/TheSethRose/marketing-mode
Marketing Mode is a pure knowledge-base skill containing marketing frameworks, psychology principles, and strategy guides with no executable code in the repository. The primary risk vectors are: (1) a persona override system that shapes agent identity and behavior, (2) a global npm install declaration in skill.json pointing to an unverified external package, and (3) inclusion of ethically ambiguous marketing tactics and psychological manipulation frameworks that could lead to questionable recommendations.
Findings (8)
MEDIUM (-15): Persona override via mode system
The skill instructs the agent to adopt the identity 'Mark the Marketer' with specific personality traits, catchphrases, communication style directives, and behavioral patterns. While this is the intended mode system functionality, it constitutes a system prompt modification that shapes agent behavior beyond simple knowledge provision.
LOW (-5): Related skills cross-references may encourage skill chaining
SKILL.md lists 23 related skills by slug name with descriptions, which could encourage users to install additional unvetted skills. While informational, this creates an implicit trust chain.
MEDIUM (-8): Install directive references external registry
The SKILL.md frontmatter contains an install block pointing to clawdhub as a source, which is standard but creates a dependency on external registry content that could change after this audit.
MEDIUM (-15): Global npm install declared in skill.json
skill.json specifies 'npm install -g @thesethrose/marketing-mode' which would execute a global npm package installation. npm packages can contain arbitrary preinstall/postinstall scripts. The actual npm package content was not audited here.
LOW (-7): Declares Node.js and npm as runtime requirements
The skill declares it requires Node.js binary access and npm, which grants broader execution capabilities than a pure knowledge-base skill would need.
INFO (-5): Platform runtime reads sensitive files during install
The openclaw platform runtime (not the skill itself) read .env, .aws/credentials, and various config files during installation. This is standard platform behavior but worth noting.
LOW (-15): Ethically ambiguous marketing tactics included
The knowledge base includes marketing tactics that range from standard to ethically questionable (Parasite SEO, Engagement Pods, Controversy as Marketing, Guerrilla Marketing). An agent following these suggestions uncritically could recommend practices that harm users or violate platform terms of service.
LOW (-10): Persuasion psychology section could be misapplied
The extensive psychology section (Loss Aversion, Scarcity, Anchoring, Default Effect, etc.) provides a toolkit for psychological manipulation. While standard marketing knowledge, an agent applying these aggressively could produce manipulative dark-pattern recommendations.