Is marketing-skills safe?
https://clawhub.ai/skill/marketing-skills
This is a large, well-structured collection of 23 marketing playbook modules containing purely educational content — frameworks, checklists, templates, and best practices for CRO, SEO, copywriting, pricing, analytics, and other marketing disciplines. No executable code, no data exfiltration attempts, no malicious instructions, and clean monitoring results across all categories. The only minor concerns are standard persona-setting instructions and aspirational capability claims in two modules.
Category Scores
Findings (4)
LOW Persona injection in sub-skill modules -5 ▶
Each of the 23 sub-skill SKILL.md files begins with 'You are an expert in [domain]' persona instructions. While this is standard skill design, it does reshape agent behavior when loaded. All personas are benign marketing-domain roles with no privilege escalation or instruction override attempts.
LOW Aspirational capability claims in module descriptions -5 ▶
Two modules claim the agent has 'direct access' to external platforms (social scheduling platform, ad platform accounts). These are role-play framing, not actual tool invocations, but could confuse the agent into attempting actions beyond its actual capabilities.
INFO Unattributed TLS connection during install window -5 ▶
Network monitoring detected a TLS connection to 216.150.1.1:443 during the monitoring window. This appears to be system-level traffic (likely Ubuntu telemetry or snap-related) rather than skill-initiated, given the empty package.json and absence of any executable code in the skill.
INFO Mentions of web scraping tools for social media analysis -10 ▶
The social-content module's 'Reverse Engineering Viral Content' section recommends tools like Apify and Phantom Buster for scraping social media posts at scale. These are mentioned as user recommendations in a marketing context, not as agent instructions, but could theoretically guide an agent toward scraping activities if a user requests implementation.