ZuckerBot
Security checks across static analysis, malware telemetry, and agentic risk
Overview
ZuckerBot is coherently scoped as an ads-management skill: its tools match its stated purpose. It nevertheless asks for Meta advertising credentials and can launch or bulk-launch paid, public campaigns, and the provided artifacts show no clear approval, spending, or credential-storage guardrails around those actions.
Treat this as a high-impact advertising automation skill. Before installing or using it, verify the provenance of the external MCP package, connect only the intended Meta ad account, use least-privileged credentials, and require explicit user confirmation, with the budget and campaign details displayed, before any launch, pause/resume, conversion sync, or bulk A/B test.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly or with an incorrect campaign object, the agent could launch or alter paid ads in the user's Meta account.
Launching Meta ads is a high-impact action because it can spend real money and publish public-facing advertising. The provided artifact describes the launch capability but does not show explicit final approval, spending limits, ad account scoping, or rollback safeguards.
`zuckerbot_launch_campaign` Launch a single campaign variant on Meta (Facebook/Instagram).
Require explicit user confirmation before every launch, pause/resume, conversion sync, or budget change; show the ad account, campaign contents, daily/lifetime budget, audience, and destination URL before execution.
A compromised or over-privileged token could allow campaign management or ad-spend actions on the user's Meta advertising account.
The skill requires delegated Facebook/Meta advertising access plus a ZuckerBot API key, and states that ZuckerBot stores the credentials. That is expected for the purpose, but the provided artifacts do not define the permission scopes requested, where the credentials are stored, how long they are retained, or how they are revoked, and they do not explain why the registry metadata declares no primary credential even though the skill clearly needs one.
Connect their Facebook account at **zuckerbot.ai** (OAuth flow) ... Generate an API key ... Provide the API key — ZuckerBot stores credentials, so this is a one-time step per session
Use the least-privileged Meta access possible (advertising permissions on the single intended ad account only), confirm which ad account is connected, do not share broad Business Manager credentials, and verify how ZuckerBot stores and revokes API keys before use.
The static scan did not evaluate the code that would actually call ZuckerBot or Meta APIs.
The reviewed artifact set contains only instructions; the MCP server that would actually handle credentials and campaign operations is an external npm package that was not included in the scan. The dependency is disclosed and version-pinned, so this is a provenance note rather than evidence of malicious behavior; a pinned version still says nothing about what the published tarball contains until someone reads it.
tools:
 - zuckerbot MCP server (npm: zuckerbot-mcp@0.2.7)
Review the npm package source, publisher, permissions, and changelog before installing or connecting a production ad account.
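A first-pass triage of the kind this recommendation calls for, as an added example (not ClawScan's scanner and not the contents of zuckerbot-mcp): it reads a package manifest and flags install-time lifecycle scripts, dependencies that are unpinned or pulled from outside the registry, a missing repository field, and the executable entrypoints the MCP host would run. Both manifests below are constructed for illustration under the hypothetical name example-mcp; against the real package, fetch the published tarball with `npm pack zuckerbot-mcp@0.2.7` (which downloads without running install scripts), extract it, and pass its package.json to the same function. A clean result does not replace reading the source.

```python
"""First-pass triage of an npm package manifest before installing an MCP server.

Added example, not ClawScan's scanner and not the contents of zuckerbot-mcp.
The manifests are constructed; the package name example-mcp is hypothetical.
"""
import re
from typing import Dict, List

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")
NON_REGISTRY = re.compile(r"^(git\+|git:|https?:|file:|github:)")


def audit_manifest(manifest: Dict, expected_name: str, expected_version: str) -> List[str]:
    """Return 'warn:' and 'info:' findings; only 'warn:' entries block install."""
    findings: List[str] = []
    if manifest.get("name") != expected_name or manifest.get("version") != expected_version:
        findings.append(f"warn: manifest identifies {manifest.get('name')}@{manifest.get('version')}, "
                        f"expected {expected_name}@{expected_version}")
    # Lifecycle hooks run arbitrary code at `npm install` time, before any tool is invoked.
    for hook in INSTALL_HOOKS:
        cmd = manifest.get("scripts", {}).get(hook)
        if cmd:
            findings.append(f"warn: install-time script {hook}: {cmd}")
    # Unpinned or non-registry dependencies widen the supply chain beyond the pinned version.
    for section in ("dependencies", "optionalDependencies"):
        for dep, spec in manifest.get(section, {}).items():
            if NON_REGISTRY.match(spec) or "/" in spec:
                findings.append(f"warn: {section}: {dep} resolved from {spec}, not the registry")
            elif not EXACT_VERSION.match(spec):
                findings.append(f"warn: {section}: {dep} uses range {spec}, not an exact version")
    if not manifest.get("repository"):
        findings.append("warn: no repository field, so the tarball cannot be diffed against source")
    # bin entries are what the MCP host will execute; each deserves a read.
    bins = manifest.get("bin")
    if isinstance(bins, str):
        bins = {manifest.get("name", ""): bins}
    for name, path in (bins or {}).items():
        findings.append(f"info: executable entrypoint {name} -> {path}; read it before connecting an ad account")
    return findings


def warnings_only(findings: List[str]) -> List[str]:
    return [f for f in findings if f.startswith("warn:")]


# Constructed manifests (hypothetical package, not zuckerbot-mcp).
SUSPICIOUS = {
    "name": "example-mcp", "version": "0.2.7",
    "scripts": {"postinstall": "node scripts/setup.js", "test": "node --test"},
    "dependencies": {"left-pad": "^1.3.0", "helper": "github:someone/helper"},
    "bin": {"example-mcp": "dist/cli.js"},
}
CLEAN = {
    "name": "example-mcp", "version": "0.2.7",
    "scripts": {"test": "node --test"},
    "dependencies": {"mcp-sdk": "1.4.2"},
    "bin": {"example-mcp": "dist/cli.js"},
    "repository": {"type": "git", "url": "https://example.com/example/example-mcp.git"},
}

if __name__ == "__main__":
    for f in audit_manifest(SUSPICIOUS, "example-mcp", "0.2.7"):
        print(f)
```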
A single mistaken instruction or bad campaign object could create several live ads at once instead of one.
Bulk launching variants can multiply spend and public exposure if the campaign setup is wrong. The provided artifact does not show containment such as maximum variant count, total budget cap, staged rollout, or mandatory user review.
`zuckerbot_launch_all_variants` (A/B Testing) Launch multiple ad variants simultaneously ... Preferred over single launch when optimisation is the goal.
Use staged launches, set total and daily budget caps, limit the number of variants, and require user approval for each batch.
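The gate the launch and bulk-launch recommendations above describe (explicit confirmation of the exact campaign object, ad-account scoping, per-variant and per-batch budget caps, a variant-count limit), as an added example that is not ZuckerBot's or Meta's code. The two tool names are taken from this report; the campaign fields, the policy thresholds, the account IDs, the non-high-impact tool name used in the demo, and the digest-based confirmation token are all assumptions made for illustration. The confirmation is bound to a hash of what the user was shown, so a "yes" given for a different batch, or an earlier version of the same batch, does not authorise this launch.

```python
"""Approval, scoping and budget gate in front of ad-launch tools.

Added example, not ZuckerBot's or Meta's code. Tool names come from the
report; campaign fields, thresholds, account IDs and the token scheme are
assumptions for illustration.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

HIGH_IMPACT_TOOLS = frozenset({
    "zuckerbot_launch_campaign",       # single variant
    "zuckerbot_launch_all_variants",   # bulk A/B launch
})
REQUIRED_FIELDS = frozenset({"daily_budget", "audience", "destination_url"})


@dataclass(frozen=True)
class LaunchPolicy:
    allowed_ad_accounts: FrozenSet[str]   # only these accounts may be touched
    max_daily_budget: float               # per variant, in account currency
    max_total_daily_budget: float         # summed over one batch
    max_variants: int                     # cap for a bulk launch


def campaign_digest(ad_account: str, variants: List[Dict]) -> str:
    """Hash of exactly what the user is asked to approve (canonical JSON)."""
    canon = json.dumps({"ad_account": ad_account, "variants": variants},
                       sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()[:16]


def render_for_approval(ad_account: str, variants: List[Dict]) -> str:
    """What the agent must show before execution: account, budgets, audience, URL."""
    lines = [f"Ad account: {ad_account}", f"Variants: {len(variants)}"]
    for i, v in enumerate(variants, 1):
        lines.append(f"  {i}. daily={v.get('daily_budget')} "
                     f"audience={v.get('audience')} url={v.get('destination_url')}")
    lines.append(f"Total daily budget: {sum(v.get('daily_budget', 0) for v in variants)}")
    lines.append(f"Reply with token {campaign_digest(ad_account, variants)} to approve")
    return "\n".join(lines)


def gate_launch(tool: str, ad_account: str, variants: List[Dict],
                policy: LaunchPolicy, confirmation: Optional[str]) -> Tuple[bool, List[str]]:
    """Return (allowed, violations). Tools outside the high-impact set pass through."""
    if tool not in HIGH_IMPACT_TOOLS:
        return True, []
    violations: List[str] = []
    if ad_account not in policy.allowed_ad_accounts:
        violations.append(f"ad account {ad_account!r} is not in the allowlist")
    if tool == "zuckerbot_launch_campaign" and len(variants) != 1:
        violations.append("single launch must carry exactly one variant")
    if len(variants) > policy.max_variants:
        violations.append(f"{len(variants)} variants exceeds cap of {policy.max_variants}")
    for i, v in enumerate(variants, 1):
        missing = REQUIRED_FIELDS - set(v)
        if missing:
            violations.append(f"variant {i} missing {sorted(missing)}")
            continue
        if v["daily_budget"] > policy.max_daily_budget:
            violations.append(f"variant {i} daily budget {v['daily_budget']} exceeds {policy.max_daily_budget}")
        if not str(v["destination_url"]).startswith("https://"):
            violations.append(f"variant {i} destination is not https")
    total = sum(v.get("daily_budget", 0) for v in variants)
    if total > policy.max_total_daily_budget:
        violations.append(f"batch daily budget {total} exceeds {policy.max_total_daily_budget}")
    # The token is bound to the digest of this exact campaign object, so a token
    # issued for a different batch (or a bare "yes") does not authorise this one.
    if confirmation != campaign_digest(ad_account, variants):
        violations.append("no user confirmation for this exact campaign object")
    return (not violations), violations


# Constructed sample policy and campaign (not real accounts or ads).
POLICY = LaunchPolicy(allowed_ad_accounts=frozenset({"act_1001"}),
                      max_daily_budget=50.0, max_total_daily_budget=120.0, max_variants=3)
VARIANTS = [
    {"daily_budget": 40.0, "audience": "US 25-44", "destination_url": "https://example.com/a"},
    {"daily_budget": 40.0, "audience": "US 25-44", "destination_url": "https://example.com/b"},
    {"daily_budget": 40.0, "audience": "US 25-44", "destination_url": "https://example.com/c"},
]

if __name__ == "__main__":
    print(render_for_approval("act_1001", VARIANTS))
    token = campaign_digest("act_1001", VARIANTS)
    print(gate_launch("zuckerbot_launch_all_variants", "act_1001", VARIANTS, POLICY, None))
    print(gate_launch("zuckerbot_launch_all_variants", "act_1001", VARIANTS, POLICY, token))
```

The gate sits in the agent's tool-call path, in front of the MCP server, so it applies regardless of what the upstream package does; the same pattern extends to pause/resume, conversion sync and budget changes by adding those tool names to the high-impact set.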
