website to ads

Things to consider before installing or running this skill: - Metadata mismatch: the registry description said 'instruction-only' but the package includes TypeScript source, package.json, and install commands (npm install / npm run build). Installing will download and run npm packages and build code on your machine. - Required credentials: you must supply APIFY_TOKEN and OPENAI_API_KEY for full functionality. Civic tokens are optional and only used for gated export. Do NOT paste high-privilege or production keys into unfamiliar code — prefer scoped/test keys. - Persistence: the skill creates a .cache folder in the working directory and stores scraped content + analyzed brand data for 24 hours. If this data is sensitive, run in an isolated environment or remove cache files after use. - Reputation/legal risk: the skill includes an 'offensive' ad tone that explicitly instructs the model to produce abusive/attack-style copy and competitor naming. That may produce defamatory or policy-violating output; avoid that tone for real campaigns. - Install in a sandbox: because the package installs npm dependencies and builds code, review the source (especially src/auth.ts and any network calls) and install/run in a container or isolated CI runner if you don't fully trust the author. - Operational checks: confirm the Node runtime requirement (skill.json specifies node ">=22.12.0") matches your environment, and rotate any keys you use for testing. If you plan to export campaigns to Meta, verify that the skill does not directly push without explicit confirmation and inspect the payload it would send. If you want, I can: list the specific files that perform network calls, summarize src/auth.ts contents, or highlight any lines that read environment variables or write files.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.