Is marketing-skills safe?

https://clawhub.ai/jchopard69/marketing-skills

95
SAFE

This is a legitimate, content-only marketing knowledge base skill containing 23 educational modules covering CRO, SEO, copywriting, analytics, pricing, and other marketing disciplines. It is a vendored copy of an established open-source marketing framework. The skill contains no executable code, no external URL references for the agent to fetch, no data collection mechanisms, and all monitoring indicators (canary files, network activity, filesystem events) are clean. The only minor concerns are standard persona framing instructions and the large content volume.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (6)

LOW Multiple expert persona instructions across 23 modules -5

Each of the 23 sub-modules begins with a persona instruction like 'You are an expert in [domain]'. While this is standard prompt engineering for marketing skills and not malicious, it does frame agent behavior extensively. The personas are all marketing-focused and do not request elevated permissions or override safety instructions.

INFO Social content module claims agent has 'direct access to a scheduling platform' -3

The social-content module states 'You are an expert social media strategist with direct access to a scheduling platform that publishes to all major social networks.' This overstates the agent's capabilities and could lead to user confusion, but does not pose a security risk as no actual platform integration or credentials are referenced.

INFO Paid-ads module claims agent has 'direct access to ad platform accounts' -2

The paid-ads module states 'You are an expert performance marketer with direct access to ad platform accounts.' Similar to the social-content module, this overstates capabilities but poses no security risk.

INFO Very large content volume may consume significant context window -10

The skill contains 23 detailed marketing modules totaling thousands of lines of content. When the full skill content is loaded into an agent's context, it could consume a significant portion of the available context window. This is not a security issue but could affect agent performance if combined with other large skills.

INFO References to third-party scraping tools in social-content module -5

The social-content module's 'Reverse Engineering Viral Content' section recommends users use tools like Apify and Phantom Buster for scraping social media posts. These are recommendations to the human user, not instructions for the agent to execute. No URLs are provided for the agent to fetch.

INFO Single HTTPS connection to ClawHub registry during install -5

A single outbound HTTPS connection to 216.150.1.1:443 was observed during skill installation. This is the expected ClawHub registry connection for downloading the skill package. No other unexpected network activity was detected.