Skill v1.0.0
ClawScan security
Meta Ads CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious, Apr 7, 2026, 8:58 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions mostly match a Meta Ads CLI, but there are notable mismatches and missing trust signals (undeclared auth env var, an unverified npm package reference, and sensitive OAuth scopes) that warrant caution before installing or running it.
- Guidance: Before installing or using this skill:
  1. Treat the npm package name as unverified: look up the package on npmjs.org (publisher, README, weekly downloads, last publish) and inspect its source code or repository before running `npm install -g`. Prefer installing in a container/VM or using a non-global install for review.
  2. Provide an OAuth token with the least-privilege scopes required (avoid ads_management if only reading insights). Use the per-command `--credentials <path>` or short-lived tokens rather than storing long-lived tokens in ~/.config.
  3. Ask the skill author/publisher for a homepage/repo and to declare META_ADS_ACCESS_TOKEN (and any other env vars) in the registry metadata.
  4. Verify the CLI truly enforces read-only behavior for the scopes you grant.
  5. If you lack the ability to review the npm package, do not install globally and consider running queries through an approved, known Meta integration instead.
Review Dimensions
- Purpose & Capability: ok. Name/description match the runtime instructions: the SKILL.md documents a CLI for the Meta Marketing API with commands for ad accounts, insights, creatives, pixels, and leads. The required capabilities described (reading ad accounts, insights, leads) are coherent with the stated purpose.
- Instruction Scope: ok. Runtime instructions are focused on querying Meta data and include concrete CLI commands and authentication options. They do not direct the agent to read unrelated system files or to transmit data to third-party endpoints. One point to note: the doc calls the tool 'read-only' but also lists scopes such as ads_management, which can enable management operations; this should be confirmed with the CLI author.
- Install Mechanism: concern. The SKILL.md suggests installing via `npm install -g meta-ads-open-cli`. The skill package metadata in the registry has source = unknown and no homepage. Because the skill points to an unverified npm package name (no provided source or homepage), installing it globally could run arbitrary code. The skill itself has no install spec in the registry, so the installer step is user-driven and not constrained by the platform; this increases operational risk unless you verify the package.
- Credentials: concern. The registry lists no required env vars or primary credential, but SKILL.md expects a Meta OAuth token (META_ADS_ACCESS_TOKEN) or a credentials file (~/.config/meta-ads-open-cli/credentials.json) and enumerates several sensitive API scopes (ads_read, ads_management, leads_retrieval, business_management, etc.). This is a mismatch: the skill will need a sensitive credential though none is declared in metadata. The requested token grants access to potentially large amounts of ad/account data and some scopes can enable write actions; users should verify the minimal scopes needed and avoid providing broad tokens.
- Persistence & Privilege: ok. Skill is instruction-only (no install spec or code written by the platform) and registry flags do not request always:true. It does reference a local credentials file, but the skill metadata does not grant itself persistent system privileges. No indication the skill will modify other skills or global agent config.
