Ads Manager Claw
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill matches an ads-management purpose, but it asks for powerful ad-account credentials and can change budgets or delete campaigns, so it needs careful review before use.
Install only if you are comfortable giving an agent access to paid advertising accounts. Use short-lived, least-privileged tokens, test on paused campaigns first, require explicit approval for every budget/status/delete action, and revoke credentials when finished.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a powerful token is shared, the agent or anyone with access to that token could change campaigns, budgets, or public ads in the connected account.
The skill directly asks the user to provide live ad-account credentials. That is expected for ad management, but these credentials can authorize spending and campaign changes, and the registry metadata does not declare a primary credential.
"Please share your Ad Account ID and access token — only used for this session."
Use least-privileged, short-lived credentials where possible, prefer a secure OAuth or credential-vault flow over chat-pasted secrets, and revoke tokens immediately after use.
The agent could treat a budget edit, pause, resume, or other account mutation as safe unless the workflow is tightened.
The instructions allow execution of ad-management actions but leave an ambiguous 'unless safe' exception. For paid advertising, even actions that seem routine can affect spend, reach, or account state.
Before ANY action: - Confirm with user (unless safe) ... Always: **Analyze → Diagnose → Recommend → Execute**
Require explicit user approval for every write action, show the exact account, campaign, budget, and status change first, and default to dry-run or paused creation.
A user may believe the credential risk ends with the chat session even though the token they generated may remain valid later.
The credential guide discusses long-lived and refresh credentials, which weakens the SKILL.md assurance that the access token is 'only used for this session' unless token lifetime, storage, and revocation are clearly explained.
For a long-lived token (doesn't expire every hour) ... OAuth2 credentials (Client ID, Client Secret, Refresh Token)
Clearly explain token lifetimes, avoid requesting refresh/client secrets unless necessary, and include revocation steps for each platform.
Customer identifiers could be shared with an advertising platform if the user asks for custom-audience targeting.
The reference includes user-directed customer-list upload to an ad provider. This is purpose-aligned for ad targeting, but it involves sensitive customer data even when hashed.
Custom Audiences (from email list) ... Then upload hashed emails via: POST `/{audience_id}/users`
Only upload customer lists with proper consent, verify the destination ad account, and follow the ad platform's data-use policies.
