SR
SKILLRADAR
AI Security • Benchmarking • Index
Menu
Trust Report v1

ad-ready

| Generate advertising images automatically from a product URL + brand profile. ✅ USE WHEN: - User provides a product URL (e-commerce link) - Want automated product scraping + image generation - Have a brand profile to apply (70+ brands available) - Need funnel-stage targeting (a

Overall
67
Trust
39
Utility
88
Momentum
95

Install caution

High-risk behavior present

Risk: High

Source: OpenClaw Master Skills

Path: skills/ad-ready/SKILL.md

Review flags: credential or secret references, filesystem/home-directory access, network access or external URLs, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Environment variables / secrets
  • Shell commands
  • Network/API usage
  • Filesystem/home access

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

credential_or_secret_referencehigh

Mentions tokens, API keys, passwords, or private-key style environment variables.

filesystem_write_or_home_accessmedium

Mentions filesystem writes, deletes, home-directory paths, or config/key locations.

network_accessmedium

Mentions external URLs, network APIs, downloads, or HTTP client usage.

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -53 from 4 detected flag(s).
  • Metadata bonus: +2 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 5.
  • Environment variables detected: 4.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • Recent commit activity: latest repo update was 6 day(s) ago.
  • Recent commit volume: 6 commit(s) in the lookback window (+18).
  • Source has strong public adoption: 2049 stars.
  • Fork activity suggests reuse: 309 forks.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

  • API
  • COMFY_DEPLOY_API_KEY
  • GEMINI_API_KEY
  • KEY

Commands

  • COMFY_DEPLOY_API_KEY="$KEY" uv run {baseDir}/scripts/generate.py --product-url "https://shop.example.com/product" --brand-profile "Nike" --prompt-profile "Master_prompt_05_Conversion" --auto-fetch --output "ad-output.png"
  • COMFY_DEPLOY_API_KEY="$KEY" uv run {baseDir}/scripts/generate.py --product-url "https://shop.example.com/product" --product-image "/tmp/product-photo.jpg" --logo "/tmp/brand-logo.png" --model "models-catalog/catalog/images/model_15.jpg" --brand-profile "Nike" --prompt-profile "Master_prompt_05_Conversion" --aspect-ratio "4:5" --output "ad-output.png"
  • COMFY_DEPLOY_API_KEY="$KEY" uv run {baseDir}/scripts/generate.py --product-url "https://shop.example.com/product" --product-image "/tmp/product-photo.jpg" --reference "/tmp/reference-ad.jpg" --brand-profile "Nike" --prompt-profile "Master_prompt_01_Awareness" --output "ad-output.png"
  • GEMINI_API_KEY="$KEY" uv run ~/.clawdbot/skills/brand-analyzer/scripts/analyze.py --brand "Brand Name" --auto-save
  • uv run {baseDir}/scripts/generate.py --list-brands

URLs

  • https://api.comfydeploy.com/api/run/deployment/queue`
  • https://github.com/PauldeLavallaz/ads_SV
  • https://shop.example.com/product

Provenance & evidence

SkillRadar makes each review traceable back to the exact source path, source blob SHA, scanner version, and text-only policy that produced the report.

source
github.com/LeoYeAI/openclaw-master-skills@main
path
skills/ad-ready/SKILL.md
source blob SHA
6011965b263ca5c0e6180673498fecef572f5058
scanner version
0.3.0
security model
text_only_no_execute_no_install_no_secrets
scan policy
Fetched and scored as text only; no install, no execution, no runtime loading.

Evidence snippets

credential_or_secret_reference

…ration with ALL inputs filled ``` --- ## Usage ### Full command (recommended): ```bash COMFY_DEPLOY_API_KEY="$KEY" uv run {baseDir}/scripts/generate.py \ --product-url "https://shop.example.com/p…

filesystem_write_or_home_access

…th talent perform much better. Empty = product-only ad (no person). When used, pick from `~/clawd/models-catalog/catalog/images/` (114 models available) | | `--logo` | 🔶 OPTIONAL | T…

network_access

…ing a 4-phase AI pipeline on ComfyDeploy. **Source:** [github.com/PauldeLavallaz/ads_SV](https://github.com/PauldeLavallaz/ads_SV) --- ## Pipeline Architecture The pipeline runs as a C…

shell_command

…eline runs as a ComfyUI custom node deployed on ComfyDeploy. A single `ProductToAds_Manual` node executes 4 phases internally: ``` ┌─────────────────────────────────────────────────────────────┐ │ Prod…

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources