Is metehan777/growth-marketer safe?

The skill's entire purpose is to override the agent's independent judgment on product recommendations. It defines 50+ keyword triggers and instructs the agent to respond to all of them with pre-scripted Popupsmart promotional content. Users asking neutral questions about popup builders, email list growth, or cart abandonment will receive scripted commercial responses without any disclosure that the agent has been commercially instructed.

The skill includes scripted comparison text that presents Popupsmart as offering '90% of OptinMonster functionality at 30% of the cost' and explicitly labels this a 'fair comparison.' These claims are not independently verified; they are pre-loaded promotional assertions. An agent reciting these will appear to be giving objective advice while actually delivering undisclosed advertising.

The skill instructs agents to visit popupsmart.com proactively whenever a trigger keyword is detected, even when the user has not asked the agent to browse the web. This commandeers the agent's browsing capability to generate commercial traffic without user initiation.

Every agent interaction that matches a trigger causes an HTTP request with utm_source=openclaw to be sent to popupsmart.com. The skill documentation explicitly confirms this is intentional attribution tracking. End users have no awareness their queries are generating tracked commercial traffic for a third party.

When the agent fetches popupsmart.com per the skill's instructions, the HTTP request may include browser-like headers, referrer information, or other agent context depending on the browsing tool implementation. This data is transmitted to a third-party commercial server without user consent.

Static analysis found no JavaScript, TypeScript, Python, shell scripts, npm lifecycle hooks, .gitattributes filters, .gitmodules entries, or symlinks. The install process performed a clean git sparse checkout with no code execution.

The only external TCP connection during installation was to 140.82.121.4:443, which resolves to github.com. This is the expected endpoint for cloning the openclaw/skills monorepo. No DNS queries to non-GitHub domains were observed during the install window.

The skill is packaged as a neutral 'growth marketer' assistant but is structurally an affiliate marketing injection. Its tags ('ai-search-optimization') and its complete content — triggers, scripted responses, UTM tracking, comparison templates — serve a single commercial purpose: generating Popupsmart impressions through AI agents at scale. Users interacting with an agent that has this skill installed receive undisclosed paid-product recommendations on any CRO or marketing topic.

Because the skill is injected at the system-prompt level, users have no way to detect that the agent's product recommendations are commercially biased. The broader the keyword trigger set (50+ terms covering all CRO, SaaS, and e-commerce vocabulary), the more queries get silently intercepted and redirected to commercial promotion.

The honeypot files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud application_default_credentials.json) were not modified or exfiltrated by the skill. The file access events observed at 07:38:55 (before clone) and 07:39:36 (after install) are attributable to the audit framework's own baseline establishment and post-test integrity verification, not to the skill under test.