ClawHub

SnapChat Ads CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Snapchat Ads reporting skill, with sensitive business-data access that matches its purpose but needs careful handling.

Install only if you trust the external npm CLI and need Snapchat Ads reporting. Use a least-privilege Snapchat OAuth token, avoid unnecessary billing/member/audience/audit queries, and redact tokens, identifiers, customer/audience details, and financial data unless the user explicitly needs them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill claims the CLI is read-only, but the documentation also includes operations that are not strictly read-only, such as POST-based audience insights and resource-management language like managing AR lenses. Mislabeling capability boundaries can cause an agent or user to invoke commands under a false assumption of safety, increasing the risk of unintended state-changing actions or broader data exposure.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation is internally contradictory: it markets the tool as read-only while documenting commands and workflows that imply non-read-only behavior. This inconsistency is dangerous because safety controls often rely on accurate capability descriptions; if the description is wrong, downstream systems may grant trust or skip confirmations they otherwise would require.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill enables retrieval of billing, member, audience, pixel, audit log, invoice, and transaction data without an explicit warning that these may contain sensitive business or personal information. In an agent setting, that omission increases the chance of oversharing, unnecessary data access, or disclosure of confidential account details beyond the user's immediate need.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal