ClawHub

Meta Ads Collector

v1.0.0

Scans Meta Ad Library API to count active ads, identify ad formats and types, track longest-running ad, and estimate spend for a given brand.

0· 270·0 current·1 all-time
byAdarsh More@adarshvmore
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the instructions: the skill queries the Meta/Facebook Ad Library to produce ad counts, formats, types, durations, and optional spend estimates — that's consistent with the declared purpose.
!
Instruction Scope
The runtime instructions assume environment variables (META_ACCESS_TOKEN, META_APP_ID, META_APP_SECRET) and local modules (metaAdsService.ts, src/types/audit.types.ts) that are not present in the registry or package. SKILL.md directs the agent to call the external Meta Graph API (expected) but also references application internals and logging behavior that won't exist for an instruction-only skill as published.
Install Mechanism
No install spec and no code files — lowest-risk distribution model — but also means the SKILL.md is purely a specification/instruction and depends on external implementation that isn't bundled.
!
Credentials
The instructions require sensitive credentials (META_ACCESS_TOKEN, META_APP_ID, META_APP_SECRET) yet the registry lists no required environment variables or primary credential. This is a mismatch: the skill needs secrets to function but does not declare them, so users may be surprised or the agent may attempt to prompt for or mishandle secrets.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. Autonomous invocation is allowed (default) but that alone is expected and not a new concern here.
What to consider before installing
This skill describes how to query Meta's Ad Library but the registry metadata does not declare the required credentials or include any code. Before installing: 1) Confirm the skill's origin and trustworthiness (no homepage/source provided). 2) Ask the publisher to update the registry to declare required env vars (META_ACCESS_TOKEN, META_APP_ID, META_APP_SECRET) so you know what secrets will be needed. 3) Request the actual implementation (metaAdsService.ts and related code) to review how tokens are used/stored and to verify there is no data exfiltration beyond the intended API calls. 4) Ensure your Facebook App has minimally scoped, reviewed Ad Library access and rotate any secrets after testing. If you cannot verify these points, treat this skill as unsafe to grant production credentials to.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e0x2q8mvv2vpv0c5wqne5cs82anwt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments