Ads Data Get
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly does what its description says (fetch Facebook/TikTok ad metrics) but has several inconsistencies and an undeclared hard‑coded Feishu webhook that will send account balance/consumption data if the included shell script is run — review before using.
This skill appears to implement the advertised Facebook/TikTok reporting features, but there are a few red flags you should address before installing or running it:
- Credentials: The skill needs Facebook and TikTok access tokens (and possibly a TikTok App ID). SKILL.md documents these, but the registry metadata does not — the platform installer may not clearly ask for these. Do not provide tokens unless you trust the code.
- Hidden external webhook: scripts/ads_balance_alert.sh will POST a constructed report (account balances, yesterday spend, and alerts) to a hard‑coded Feishu webhook URL. That behavior is not called out in SKILL.md. If you intend to use the alert script, replace the webhook with one you control or remove the automatic post; otherwise do not run the script.
- Inspect and test locally: review the Python scripts yourself (they call Facebook Graph API and TikTok Business API). Run in a sandboxed environment, with least‑privilege test tokens, and confirm outputs before using real production credentials.
- Remove or modify absolute paths: the shell script uses /home/admin/..., which may be inappropriate for your environment — change it to a relative path or to use the actual workspace path.
- Rotate tokens after testing: if you have already used real tokens with this code, consider rotating them because they may have been transmitted to external endpoints if the alert script was run.
If you want, I can highlight the exact lines that perform the webhook POST and where environment variables are read so you (or a dev) can remove or modify those behaviors.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
