Tiktok Ads CLI

Advisory. Audited by static analysis on Apr 7, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the token is over-scoped or exposed, the agent or CLI could access TikTok Ads account data and any other permissions granted to that token.

Why it was flagged

The skill expects delegated TikTok Ads account access through an OAuth token or local credential file, which is normal for this API integration but gives the CLI whatever account permissions that token has.

Skill content

The CLI requires a TikTok **OAuth access token**. Credentials are resolved in this order: ... `TIKTOK_ADS_ACCESS_TOKEN` ... `~/.config/tiktok-ads-cli/credentials.json`

Recommendation

Use the least-privileged token available, store it securely, avoid pasting secrets into chat, and confirm the advertiser ID before running commands.

What this means

Installing a global npm package runs and trusts third-party code on the local system.

Why it was flagged

The skill relies on installing a global npm package, and the instruction does not pin a version. This is purpose-aligned, but the reviewed artifact set does not include the CLI package code.

Skill content

If the CLI is not installed, install it:

```bash
npm install -g tiktok-ads-cli
```

Recommendation

Verify the npm package publisher and version before installing, consider pinning a known-good version, and install only in an environment where you are comfortable granting the CLI TikTok Ads access.

What this means

A user might assume no TikTok Ads account changes are possible even if the underlying CLI or token permits audience changes.

Why it was flagged

The text calls the CLI read-only but also says it can manage audiences. That wording is ambiguous because audience management can imply account-changing operations.

Skill content

You have access to `tiktok-ads-cli`, a read-only CLI ... manage custom and lookalike audiences

Recommendation

Clarify the CLI's actual write capabilities and require explicit user confirmation before any audience creation, update, deletion, or upload action.