Facebook Ads Library Search

Security checks across malware telemetry and agentic risk

Overview

The skill does search Meta ads, but it also includes under-disclosed backend Facebook automation, page-token use, local persistence, and stealth scaling guidance that users should review first.

Install only if you intentionally want automated Meta Ad Library collection and are comfortable with browser-context Facebook requests. Avoid using the stealth multi-session scaling guidance, keep request volumes conservative, review any generated scripts before running them, and monitor or delete the local memory/output files if they are created.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The skill claims it only reads data already visible to the user and is equivalent to copy-paste, but the actual instructions invoke scripted search APIs, pagination, batching, and multi-session throughput guidance. This mismatch is dangerous because it can mislead operators and safety systems about the skill's real scope, making higher-risk scraping automation appear like low-risk passive browsing.

Vague Triggers

Medium (84% confidence)
Finding
The manifest includes a very broad set of trigger phrases, some of which overlap with ordinary requests about Facebook ads, competitor research, or ad data. Overbroad activation criteria are dangerous because they increase the chance the skill is invoked in contexts the user did not intend, leading to unexpected scraping, network access, or local side effects.

Missing User Warnings

Medium (90% confidence)
Finding
The skill instructs the agent to read and append to a local memory file without any user-facing disclosure or consent flow. Undisclosed local file modification is dangerous because it creates persistent state, can leak operational details across tasks, and may violate user expectations about what the skill changes on disk.

Missing User Warnings

Medium (89% confidence)
Finding
The generated code scrapes an LSD token from the currently loaded Facebook page and reuses it in a GraphQL request without explicitly disclosing that page-derived session/request token material is being accessed. While the token appears to be used only for the intended Ad Library request, silently harvesting page state/authentication-related material can create unexpected trust-boundary crossing and normalizes access to session context.

VirusTotal

59/59 vendors flagged this skill as clean.