ClawHub
Back to skill

Security audit

Meta AI Ads

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real Plai Meta ads tool, but it can change live ad accounts and budgets using sensitive credentials and has under-disclosed install and endpoint behaviors that users should review.

Install only if you trust Plai and intend to let an agent manage real advertising accounts. Keep PLAI_BASE_URL unset unless you intentionally use a trusted Plai endpoint, require explicit approval before campaign activation, deletion, creation, or budget changes, and know how to revoke connected Meta/Google account access after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill requires sensitive environment variables and performs networked operations, but it does not declare explicit permissions for those capabilities. This creates a governance and review gap: the runtime may still allow access to secrets and outbound requests, while users and security tooling are not clearly informed of the skill's effective privileges. In this context, the skill manages ad accounts and OAuth flows, so undeclared network/env access is materially relevant and increases the risk of secret misuse, data exfiltration, or unauthorized API actions if the implementation is compromised.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The package defines a postinstall hook that automatically executes an additional npm install in a subdirectory during dependency installation. Install-time scripts are a common supply-chain risk because they run implicitly on the installer’s machine or CI environment, and this behavior is not necessary to understand from the top-level package metadata alone, making the skill more dangerous than a normal Meta Ads integration package.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal