Meta Ads Collector
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a straightforward read-only Meta Ads API collector, with minor setup notes around Meta credentials and referenced helper files.
Before installing, confirm you intend to use a Meta/Facebook App token for Ad Library access, keep those credentials private, and review any referenced implementation files if they are provided separately.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may need to provide a Meta access token or app secret, which should be protected like other account credentials.
The skill requires Meta/Facebook app credentials even though the registry metadata lists no required environment variables or primary credential. This is expected for the stated Meta Ad Library API purpose, but users should notice the credential requirement.
- **Auth:** `META_ACCESS_TOKEN` environment variable
...
- **Additional env vars:** `META_APP_ID`, `META_APP_SECRET`
Declare the required credentials in metadata, use the least-privileged Meta token needed for Ad Library access, and avoid sharing or logging token values.
If a separate helper implementation is later installed or used, its behavior is not shown in the provided artifact set.
The instruction text references helper implementation files, while the provided package is instruction-only. This is not suspicious by itself, but users should verify any separate implementation before relying on it.
- The collector depends on `metaAdsService.ts` for the actual API communication.
Provide or inspect the referenced implementation files and confirm they only call the documented Meta Ad Library endpoint with the intended parameters.
