Plugin v0.1.0

ClawScan security

AdMapix · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 24, 2026, 5:54 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to be an AdMapix client as described, but its runtime instructions expect an API key and server-hosted 'Deep Research' behavior while the registry metadata declares no required credentials — this mismatch and the report-hosting behavior warrant caution.
Guidance
This skill is an instruction-only AdMapix client and legitimately needs an AdMapix API key, but the registry metadata doesn't declare that key — treat that as a red flag. Before installing: (1) Confirm how you will provide the API key (the README shows storing it in openclaw config at skills.entries.admapix.apiKey); (2) Prefer using a limited-scope or test API key and monitor its usage in AdMapix dashboard; (3) Understand that 'Deep Research' queries will execute many API calls and produce shareable HTML hosted by AdMapix, so avoid sending sensitive or private data in queries; (4) Verify the plugin author/source (no homepage provided) and, if possible, inspect the plugin implementation (or ask the publisher to declare required credentials in registry metadata) so you can confirm there are no hidden endpoints or unexpected data exfiltration paths. If you need higher assurance, request the publisher update the registry metadata to list the API key requirement explicitly and explain how keys are stored and protected.
Findings
[references.ADMAPIX_API_KEY] expected: Multiple reference docs and examples include 'X-API-Key: $ADMAPIX_API_KEY' or show setting skills.entries.admapix.apiKey. This is expected for an API client, but the skill registry metadata did not declare any required env var or credential — that mismatch is noteworthy.

Review Dimensions

Purpose & Capability
concern
The skill's name/description and the included reference docs clearly target the AdMapix API and require an API key (requests use X-API-Key / $ADMAPIX_API_KEY). However, the registry metadata lists no required environment variables or primary credential. A plugin that calls AdMapix legitimately needs an API key; the lack of declared credentials is an inconsistency.
Instruction Scope
note
SKILL.md and README instruct the agent to call AdMapix endpoints, run multi-call 'Deep Research' flows, and produce shareable HTML reports hosted by AdMapix. Those instructions are consistent with ad-intelligence functionality, but they also imply sending possibly large aggregated query payloads and user-provided queries to AdMapix servers (expected for this purpose). There is no instruction to read unrelated system files or secrets, but the docs reference storing the API key in agent config (openclaw config set skills.entries.admapix.apiKey), which is sensitive and not declared in requires.env.
Install Mechanism
ok
This is an instruction-only skill with no install spec or code to download. That minimizes install-time risk (nothing written/executed by the installer). The README mentions 'openclaw plugins install' and an npx example, but no arbitrary downloads or archive extraction are present in the bundle.
Credentials
concern
Reference docs and API examples use an API key (X-API-Key: $ADMAPIX_API_KEY) and README shows storing skills.entries.admapix.apiKey in OpenClaw config. Yet the skill metadata declares no required env vars or primary credential. This is a proportionality/declared-credential mismatch: the skill needs a secret (API key) in practice, but the registry doesn't list it. Storing the API key in agent config may expose it to other skills/agents if config access is wide; users should verify where and how the key is stored and whether OpenClaw restricts it.
Persistence & Privilege
ok
The skill is not force-installed (always: false) and is user-invocable. disable-model-invocation is false (normal). It does advertise server-side 'Deep Research' reports hosted by AdMapix; that means complex queries will result in multi-call requests and generated HTML hosted externally, which increases data sent off-platform, but the skill does not request elevated platform privileges or automatic always-on presence.