ClawHub

Meta Ad Spy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Meta ad-research scraper/API helper, but users should treat it as automation that may send research queries and tokens to Meta or optional third-party services.

Install only if you are comfortable running a browser-based scraper for public Meta Ad Library data. Prefer a virtual environment or container, review generated /tmp scripts before execution, clean up raw output files, use least-privilege/short-lived Meta or vendor API keys, and get explicit confirmation before sending competitor research targets to third-party providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Low
Confidence
92% confidence
Finding
The documentation explicitly recommends third-party scraping and commercial data providers, including tools described as scraping at scale and adding profile/comments data, which goes beyond a narrow use of Meta's official Ad Library. In a skill whose stated purpose is competitor ad spying and monitoring, this materially increases the chance the agent will route users toward unofficial collection methods with legal, privacy, and terms-of-service risk.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger definition is intentionally broad and includes phrases like general competitor analysis or understanding what a competitor is doing on Facebook or Instagram. In an agentic environment, overbroad routing can cause the skill to activate on requests outside the user's intent, leading to unnecessary scraping, collection, or analysis of third-party data and expanding the attack surface for misuse.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The sample code sends an API key directly to a third-party endpoint without any warning about credential storage, vendor trust, logging, or the fact that user queries/page identifiers are disclosed externally. In this skill context, which encourages competitor intelligence gathering, normalizing external vendor use without disclosure makes accidental credential misuse and silent data sharing more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal