Back to plugin

Security audit

NotFair Google Ads for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent NotFair/Google Ads integration, but it can access stored NotFair credentials and invoke high-impact Google Ads tools, so users should review approvals carefully.

Install this only if you trust NotFair with your connected Google Ads data. Treat any campaign, budget, bid, keyword, ad, or delete action as money-affecting: review the exact proposed change before approving it, and remove stored tokens/config entries when you no longer need the plugin.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.js:23
Evidence
apiKey: process.env.NOTFAIR_API_KEY || (typeof cfg.apiKey === "string" ? cfg.apiKey : undefined),

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.js:171
Evidence
return { accessToken: [REDACTED], expiresAt: Date.now() + expiresIn * 1000 };