Ocean Engine Ad Automation Skill - LemClaw Skills
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is internally consistent as an Ocean Engine ad automation integration, but it can use its write access to launch or change paid ads without clearly enforced approval and budget safeguards.
Only install this if you intend to let an agent operate an Ocean Engine advertising account. Start in test mode, use least-privilege credentials, set external budget limits, inspect dependencies, and require manual approval before any live launch, batch operation, budget increase, or creative change.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could start or change paid advertising activity in a connected account, potentially spending budget or publishing ad content if invoked with valid credentials.
The CLI auto-launch path immediately starts automation for a campaign and enables optimization behavior; the provided code does not show an explicit confirmation prompt, maximum spend check, or rollback guard before paid advertising actions.
config = AutoLaunchConfig(campaign_id=campaign_id, launch_immediately=True, auto_optimization=True); result = self.automation.start_auto_launch(config)
Use test mode first, require explicit human approval for every launch/batch/budget-changing action, and set hard budget caps outside the skill before using production credentials.
Installing and configuring the skill requires granting credentials that can read and modify ad account data, not just view reports.
The OAuth flow requests read and write authority over the advertising account, while the registry metadata says there is no primary credential and no required environment variables. That makes the delegated account authority less visible to users at install time.
scope = "ad_read ad_write"
Declare the required Ocean Engine credentials and OAuth scopes in metadata, use the least-privileged token possible, and restrict use to specific advertiser accounts where supported.
If this helper is used, anyone or anything with access to that local file may be able to recover advertising API credentials.
The auth helper can persist tokens and app secrets to a local config.json file. This is related to token management, but the artifact does not show encryption, restricted file permissions, or user-facing warning text around this persistence.
"access_token": self.config.access_token, "refresh_token": self.config.refresh_token, "app_secret": self.config.app_secret ... open("config.json", "w", encoding="utf-8")
Avoid saving production tokens in plaintext; if persistence is needed, use a secure secret store or clearly warn users about where credentials are written.
Users may over-trust the automation and run it in production without adding their own review, approval, and budget controls.
The documentation claims an operation-confirmation mechanism and production readiness, but the provided auto-launch and batch workflows do not show a confirmation step before high-impact paid-ad actions.
Security - OAuth 2.0 authentication - Token security management - Operation confirmation mechanism ... Production ready - can be used directly
Treat the production-readiness and confirmation claims cautiously; verify safeguards in code and require manual approval before live campaign changes.
Users may run local dependency installation without the usual provenance and install metadata being visible in the registry entry.
The setup asks users to install Python dependencies manually. This is normal for a Python integration skill, but the registry source is unknown and no platform install spec is provided.
pip install -r requirements.txt
Review requirements.txt and the package source before installing dependencies, preferably in a virtual environment.
