metacli
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its Meta marketing purpose, but it installs an unpinned external CLI that handles Meta OAuth secrets/tokens and can change ads or publish to Instagram.
Install only if you trust the external `metacli` source and can limit its Meta permissions. Use a dedicated Meta app/profile, pin or review the installed version, confirm every write or publish action, and revoke tokens when finished.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Business and publishing writes without a stated approval step
Impact: If invoked with valid IDs and content, the agent could make business changes or publish public Instagram posts without a clearly stated final approval step for every write action.
Details: The skill exposes business-account mutations and public Instagram publishing. It explicitly requires confirmation for budget changes, but does not state the same requirement for campaign creation or Instagram publishing.
Evidence: Campaign create: `meta --profile <PROFILE> campaign create ...`; Campaign budget update: `meta --profile <PROFILE> campaign update ... --confirm-budget-change`; IG publish feed: `meta --profile <PROFILE> ig publish feed ...`; `Require explicit confirmation before budget-changing mutations.`
Recommendation: Require explicit user confirmation for all campaign, ad, ad set, budget, and publishing writes; prefer dry-runs by default; and restrict use to specific ad accounts and profiles.

Finding 2: Sensitive Meta credentials and tokens handled on the AI host
Impact: A profile token could grant the CLI authority over Meta advertising or Instagram assets, so misuse or compromise could affect business accounts or public content.
Details: The AI host receives sensitive Meta app credentials and completes the OAuth token exchange for a reusable profile. The artifacts do not clearly bound token storage, retention, revocation, or the exact permissions granted.
Evidence: Human creates a Meta app and provides `APP_ID` and `APP_SECRET`... `meta auth setup --profile <PROFILE> ... --app-secret <APP_SECRET>` ... `OAuth redirect lands on the AI host and token exchange completes there.`
Recommendation: Use least-privilege Meta scopes, a dedicated app/profile, and test accounts where possible; verify where tokens are stored; revoke tokens after use; and avoid sharing the app secret beyond the setup flow.

Finding 3: Unpinned external binary handles credentials and account writes
Impact: A future upstream change or compromised dependency could change what runs under the `meta` binary while it still receives sensitive Meta credentials and account authority.
Details: The install resolves an external Go module at the moving `@latest` tag. Since the supplied artifact set contains only SKILL.md, the executable code that will handle credentials and account writes is outside this review.
Evidence: go | module: github.com/bilalbayram/metacli/cmd/meta@latest | creates binaries: meta
Recommendation: Pin the Go module to a reviewed version or commit, verify the source repository and release integrity, and avoid granting production account access until the installed binary is trusted.

Finding 4: OAuth callback routed through a public tunnel
Impact: Users must trust the tunnel domain and the AI host during login, because OAuth authorization data is routed through that path.
Details: The OAuth callback is intentionally routed through a public HTTPS tunnel to the AI host's local listener. This is disclosed and purpose-aligned, but it is a sensitive provider callback path.
Evidence: `cloudflared tunnel --url http://127.0.0.1:53682` ... `REDIRECT_URI=https://<tunnel-domain>/oauth/callback` ... `--listen 127.0.0.1:53682`
Recommendation: Use a fresh, exact redirect URI; verify the tunnel domain before approving OAuth; keep the listener short-lived; and close the tunnel after authentication completes.
