Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Apple Ads CLI

v1.0.0

Apple Search Ads data analysis and reporting via apple-ads-cli. Use when the user wants to check Apple Search Ads performance, pull campaign/ad group/keyword...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description describe Apple Search Ads read-only reporting and the SKILL.md contains consistent commands and options for that purpose. However, the skill metadata lists no homepage/source and no primary credential while the SKILL.md references an external npm package (apple-ads-cli) whose provenance is unknown—this reduces trust even though the functionality aligns.
Instruction Scope
The runtime instructions instruct the agent to use/install an external npm CLI and to resolve credentials from (1) a per-command flag, (2) environment variables APPLE_ADS_ACCESS_TOKEN and APPLE_ADS_ORG_ID, or (3) a credentials file at ~/.config/apple-ads-cli/credentials.json. Those sensitive sources (env vars and a home-dir file) are not declared in the registry metadata. The SKILL.md therefore expects the agent to read sensitive environment/config data that the skill metadata does not advertise.
Install Mechanism
There is no install spec in the registry (instruction-only). The SKILL.md suggests 'npm install -g apple-ads-cli' which is a typical distribution method, but the package's repository/homepage/owner are not provided. Installing a third-party npm package globally has normal supply-chain risk; provenance should be verified before installation.
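One way to carry out the provenance check recommended here before any 'npm install -g'. This is an added example, not code from the skill or from the apple-ads-cli package: it reads the registry metadata that the npm CLI's own 'npm view <package> --json' command prints (declared repository and homepage, maintainers, creation time, published versions, lifecycle scripts) and turns the checks above into warnings. The package name 'example-cli', the sample metadata and the thresholds (30 days, 3 versions) are constructed for illustration.

```python
"""Pre-install provenance check for an npm package such as apple-ads-cli.

Added example, not part of the skill or of the apple-ads-cli package. It reads
the registry metadata that `npm view <pkg> --json` prints and applies the checks
the scan recommends: declared repository/homepage, maintainers, package age,
release history, and install-time scripts. Thresholds are illustrative.
"""
from __future__ import annotations

import json
import subprocess
import sys
from datetime import datetime, timedelta, timezone


def fetch_npm_metadata(package: str) -> dict:
    """Fetch registry metadata through the npm CLI (needs network access)."""
    proc = subprocess.run(["npm", "view", package, "--json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


def assess_provenance(meta: dict, now: datetime | None = None,
                      min_age_days: int = 30, min_versions: int = 3) -> list[str]:
    """Return warnings for `meta` (shape of `npm view --json`); [] means all checks passed."""
    now = now or datetime.now(timezone.utc)
    warnings: list[str] = []

    repo = meta.get("repository")
    repo_url = repo.get("url", "") if isinstance(repo, dict) else (repo or "")
    if not repo_url:
        warnings.append("no repository URL declared")
    if not meta.get("homepage"):
        warnings.append("no homepage declared")

    maintainers = meta.get("maintainers") or []
    if not maintainers:
        warnings.append("no maintainers listed")
    elif len(maintainers) == 1:
        warnings.append(f"single maintainer: {maintainers[0].get('name', '?')}")

    created = (meta.get("time") or {}).get("created")
    if created:
        created_at = datetime.fromisoformat(created.replace("Z", "+00:00"))
        age = now - created_at
        if age < timedelta(days=min_age_days):
            warnings.append(f"package created only {age.days} days ago")
    else:
        warnings.append("no creation timestamp")

    versions = meta.get("versions") or []
    if isinstance(versions, str):  # npm prints a bare string when there is one value
        versions = [versions]
    if len(versions) < min_versions:
        warnings.append(f"only {len(versions)} published version(s)")

    # Lifecycle scripts run arbitrary code at install time; always read them first.
    scripts = meta.get("scripts") or {}
    for hook in ("preinstall", "install", "postinstall"):
        if hook in scripts:
            warnings.append(f"{hook} script present: {scripts[hook]}")
    return warnings


# Constructed sample in the shape of `npm view --json`; not real registry data.
SAMPLE_META = {
    "name": "example-cli",
    "repository": {"type": "git", "url": "git+https://github.com/example/example-cli.git"},
    "homepage": "https://github.com/example/example-cli#readme",
    "maintainers": [{"name": "alice", "email": "alice@example.com"}],
    "time": {"created": "2024-01-15T10:00:00.000Z",
             "modified": "2024-01-15T10:00:00.000Z",
             "1.0.0": "2024-01-15T10:00:00.000Z"},
    "versions": ["1.0.0"],
    "scripts": {"postinstall": "node scripts/setup.js"},
}


def assess_sample() -> list[str]:
    """Run the checks on SAMPLE_META at a fixed date so the result is deterministic."""
    return assess_provenance(SAMPLE_META, now=datetime(2024, 2, 1, tzinfo=timezone.utc))


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "apple-ads-cli"
    problems = assess_provenance(fetch_npm_metadata(name))
    for p in problems:
        print("WARN", p)
    sys.exit(1 if problems else 0)
```

A non-empty result is a reason to read the repository and the lifecycle scripts before installing, not proof of malice; a package that declares no repository at all, as the scan notes for apple-ads-cli, gives you nothing to read and should be treated as untrusted.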
Credentials
The SKILL.md requires an OAuth access token and an organization ID and describes a credential JSON file path. Yet the registry declares no required env vars or primary credential. Requiring APPLE_ADS_ACCESS_TOKEN, APPLE_ADS_ORG_ID, and a credentials file is reasonable for this tool, but the omission from metadata is an inconsistency and the requested items are sensitive (tokens/private keys). The SKILL.md also mentions signing a JWT with a private key (ES256) but does not specify how/where that private key is stored—this increases ambiguity about what files/keys the skill might need.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It's user-invocable and can be run autonomously per platform defaults (normal for skills). There is no install-time script declared that would modify other skills or system-wide settings.
What to consider before installing
This skill appears to be a straightforward wrapper around an Apple Search Ads CLI, but there are important missing pieces you should verify before installing or using it:
- Verify package provenance: look up 'apple-ads-cli' on the npm registry (owner, repository, homepage, recent releases) and confirm it is the legitimate tool you expect. Do not run 'npm install -g' for an unknown package.
- Confirm credential handling: the SKILL.md expects APPLE_ADS_ACCESS_TOKEN, APPLE_ADS_ORG_ID or a credentials file at ~/.config/apple-ads-cli/credentials.json. Decide where you’ll store tokens/private keys and ensure they are protected. Ask the skill author to document the exact key file path and format.
- Be cautious with private keys: the doc mentions signing a JWT with a private key (ES256). Confirm whether the CLI will read a private key file and where you must keep it; avoid placing keys in world-readable locations.
- Consider least privilege: prefer creating a short-lived or read-only token for reporting tasks rather than using broad credentials.
- Ask the publisher for source/homepage and a reproducible install/verification method; if you can’t verify the package source, treat it as untrusted.
Because of the metadata/instruction inconsistencies and missing provenance, I recommend verifying the npm package and credential handling before proceeding.
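The credential resolution order described under Instruction Scope and Credentials (per-command flag, then the APPLE_ADS_ACCESS_TOKEN and APPLE_ADS_ORG_ID environment variables, then ~/.config/apple-ads-cli/credentials.json), written out as an added example together with the file-permission check the list above asks for. This is not apple-ads-cli's own code, and the JSON field names 'access_token' and 'org_id' are an assumption: the page does not document the file format, which is exactly why it tells you to ask the author for it.

```python
"""Credential resolution in the order the SKILL.md describes: per-command flag,
then the APPLE_ADS_ACCESS_TOKEN / APPLE_ADS_ORG_ID environment variables, then
~/.config/apple-ads-cli/credentials.json.

Added example, not apple-ads-cli's own code. The JSON field names "access_token"
and "org_id" are an assumption: the page does not document the file format.
Before the file is used it must be a regular file owned by the caller with no
group/world permission bits, which is the "not world-readable" check the
checklist asks for.
"""
from __future__ import annotations

import json
import os
import stat
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Mapping

DEFAULT_CREDS_PATH = Path("~/.config/apple-ads-cli/credentials.json")
ENV_TOKEN, ENV_ORG = "APPLE_ADS_ACCESS_TOKEN", "APPLE_ADS_ORG_ID"


@dataclass(frozen=True, repr=False)
class Credentials:
    access_token: str
    org_id: str
    source: str  # "flag", "env" or "file"

    def __repr__(self) -> str:  # keep the token out of logs and tracebacks
        return f"Credentials(org_id={self.org_id!r}, source={self.source!r}, access_token=<redacted>)"


def check_file_permissions(path: Path) -> None:
    """Reject a credentials file that is a symlink, foreign-owned, or group/world accessible."""
    st = os.lstat(path)  # lstat: inspect the link itself, do not follow it
    if stat.S_ISLNK(st.st_mode):
        raise PermissionError(f"{path}: refusing to follow a symlink")
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path}: not a regular file")
    if hasattr(os, "geteuid") and st.st_uid != os.geteuid():
        raise PermissionError(f"{path}: not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path}: mode {stat.S_IMODE(st.st_mode):04o} is group/world accessible; use 0600")


def load_credentials_file(path: Path) -> Credentials:
    check_file_permissions(path)
    data = json.loads(path.read_text())
    try:  # assumed field names, see the module docstring
        return Credentials(str(data["access_token"]), str(data["org_id"]), "file")
    except KeyError as missing:
        raise ValueError(f"{path}: missing field {missing}") from None


def resolve_credentials(flag_token: str | None = None, flag_org: str | None = None,
                        env: Mapping[str, str] | None = None,
                        creds_path: Path | None = None) -> Credentials:
    """Highest-precedence source that supplies both values wins; sources are not mixed."""
    env = os.environ if env is None else env
    if flag_token and flag_org:
        return Credentials(flag_token, flag_org, "flag")
    if env.get(ENV_TOKEN) and env.get(ENV_ORG):
        return Credentials(env[ENV_TOKEN], env[ENV_ORG], "env")
    path = (creds_path or DEFAULT_CREDS_PATH).expanduser()
    if path.is_symlink() or path.exists():
        return load_credentials_file(path)
    raise LookupError(f"no credentials: pass flags, set {ENV_TOKEN}/{ENV_ORG}, "
                      f"or create {DEFAULT_CREDS_PATH} with mode 0600")


def demo() -> dict:
    """Exercise the resolver on constructed inputs in a temp dir; returns the outcomes."""
    out: dict = {}
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "credentials.json"
        p.write_text(json.dumps({"access_token": "file-token", "org_id": "111"}))  # constructed
        os.chmod(p, 0o644)  # the world-readable mistake the checklist warns about
        try:
            resolve_credentials(env={}, creds_path=p)
            out["world_readable"] = "accepted"
        except PermissionError:
            out["world_readable"] = "rejected"
        os.chmod(p, 0o600)
        out["file"] = resolve_credentials(env={}, creds_path=p).source
        env = {ENV_TOKEN: "env-token", ENV_ORG: "222"}
        out["env"] = resolve_credentials(env=env, creds_path=p).source
        flagged = resolve_credentials("flag-token", "333", env=env, creds_path=p)
        out["flag"] = flagged.source
        out["repr_leaks_token"] = "flag-token" in repr(flagged)
    return out


if __name__ == "__main__":
    print(demo())
```

Run 'python3 creds.py' and the demo shows a 0644 file being rejected, the same file accepted at 0600, and the environment and flag sources taking precedence over it. The same permission check applies to the ES256 private key the SKILL.md mentions, wherever the CLI turns out to read it from.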


latest · vk977x0sbqx05axx0aer9yb9a9584cnzn

