Skill v1.0.0
ClawScan security
ad-intelligence-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 29, 2026, 4:31 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's functionality matches its description (competitive ad intelligence), but the runtime instructions require multiple external tools and API keys (Playwright, PyPI libraries, SERPAPI/Apify/Meta tokens, etc.) that are not declared in the skill metadata — this mismatch and missing install/spec details are concerning and need clarification before use.
- Guidance: This skill appears to do what it says (collect ad creatives via scraping and paid APIs), but there are several red flags to resolve before installing or giving it secrets:
  1. Metadata omits required tools and secrets — Phase 1/2 code needs Python packages and Playwright/browser binaries, and Phase 2 needs multiple API keys (SERPAPI, Apify, Adyntel, ScrapeCreators, Meta Graph access token). Ask the skill author to declare required env vars and an install spec.
  2. Do not paste high-privilege tokens (long-lived Facebook access tokens, service API keys) into the agent until you confirm where they are stored and how they will be used; prefer creating scoped keys with minimal permissions.
  3. Scraping reverse-engineered internal APIs (Google internal endpoints) and headless browser automation can violate platform TOS and lead to IP blocking or account actions — consider legal/terms-of-service risk.
  4. Run this skill in an isolated environment (sandbox) if you need to test, and limit network/credential exposure (use limited-scope API keys, proxies, and monitoring).
  5. Request from the publisher: an explicit install section listing required packages/binaries, a clear list of all environment variables the skill will request, and a data-handling statement describing whether/where keys or scraped data are transmitted or stored.
  Only proceed after those clarifications and after minimizing the privileges of any provided credentials.
Review Dimensions
- Purpose & Capability (note): The name and description (fetch/analyze competitor ads across Meta, Google, LinkedIn) align with the provided reference files and scraping/API code examples. The requested capabilities (scraping ad libraries, calling third-party ad-intel APIs) are coherent with the stated purpose.
- Instruction Scope (concern): SKILL.md and the reference files explicitly instruct the agent to run web scrapers and headless browsers (Playwright/Selenium), call internal/reverse-engineered endpoints (Google internal API), intercept network responses, and use many third-party APIs. The instructions reference local runtime actions (browser automation, request interception), and expect the agent to accept API keys from the user for Phase 2 — but the skill metadata does not declare these requirements. The scope is broad and includes activities (intercepting network responses, running headless browsers) that require specific binaries and permissions not declared.
- Install Mechanism (concern): There is no install specification, yet the references rely on Python packages (Google-Ads-Transparency-Scraper, serpapi, apify_client, requests, playwright), Playwright browser installation, and possibly system-level browsers/proxies. That mismatch (no install steps vs. explicit tooling requirements) is an operational and security concern because users/agents won't be told what will be installed or what prerequisites are required.
- Credentials (concern): The registry lists no required environment variables or primary credential, but the instructions and reference code expect many secrets for Phase 2: SERPAPI_KEY (or env fallback), Apify tokens, Adyntel API keys, ScrapeCreators keys, Meta Graph API access tokens, and possibly other third-party credentials. These are proportionate to Phase 2 functionality, but their absence from the declared metadata is a mismatch and increases risk (agents/users may be prompted to paste sensitive keys without clear justification or constraints).
- Persistence & Privilege (ok): The skill is not always-enabled and does not request system-wide persistence. There is no install script in the registry that writes or modifies agent configs. Autonomous invocation is allowed (default) but not combined here with other high-risk flags.
