Skill v1.0.0
ClawScan security
ZuckerBot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious, Mar 4, 2026, 4:31 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (manage Meta ads) is plausible, but there are inconsistencies and missing details, most notably references to an npm MCP server and credential storage without any install spec, source, or privacy/storage details, so proceed cautiously.
- Guidance: This skill could be legitimate, but there are important unknowns and inconsistencies you should resolve before installing or providing keys:
  1. Verify the external service and developer: find and inspect zuckerbot.ai and the npm package (zuckerbot-mcp@0.2.7). Ensure the domain, privacy policy, and developer identity are trustworthy.
  2. Ask where credentials are stored and who can access them (local agent-only, platform vault, or ZuckerBot servers). Prefer short-lived OAuth tokens or scoped tokens you can revoke.
  3. Request an explicit install/connection flow or a published connector rather than implicit npm references in SKILL.md.
  4. Limit autonomous invocation if you want control: do not allow the agent to call the skill automatically for every Meta-ads mention until you trust the integration.
  5. If you must test, use a throwaway Meta account and a tightly scoped test API key you can revoke.
  If the provider cannot answer the storage and install questions, treat the skill as risky and avoid providing production credentials.
Review Dimensions
- Purpose & Capability (concern): The skill claims to operate against the Meta Ads API via a 'ZuckerBot MCP server' (npm: zuckerbot-mcp@0.2.7) and via OAuth on zuckerbot.ai, which is coherent with ad-management functionality. However, the registry metadata and SKILL.md do not declare any required installs, dependencies, or environment variables for that npm package or a connector. There is no homepage or source URL to verify the external service (zuckerbot.ai) or the npm package. The presence of a specific npm package in compatibility.tools without an install mechanism is an inconsistency.
- Instruction Scope (concern): The SKILL.md restricts actions to campaign creation, management, research, and conversion syncing; these are in-scope for an ad-management skill. However, it instructs the agent to prompt users to visit zuckerbot.ai, obtain an API key, and says 'ZuckerBot stores credentials, so this is a one-time step per session' without specifying where or how credentials are stored (agent memory, platform vault, remote service). That ambiguity increases risk because it could lead to credentials being retained or transmitted to an unknown third party.
- Install Mechanism (note): This is an instruction-only skill with no install spec or code files (lower surface risk). Still, it's inconsistent that compatibility.tools lists a specific npm package (zuckerbot-mcp@0.2.7) but there are no install instructions or declared runtime requirements. If the skill relies on that package/server, the registry should declare how that integration is provided; the absence of that information is a gap.
- Credentials (note): The skill does not request any environment variables or platform secrets in metadata, and instead expects the user to obtain an API key via zuckerbot.ai OAuth and provide it at runtime. Requesting a service-specific API key is proportionate to the task. The concern is the unspecified storage/handling of that API key and the lack of clarity about token scope/lifetime (short-lived vs long-lived).
- Persistence & Privilege (concern): The skill is not marked always:true, but the SKILL.md instructs: 'Even if the user doesn't say "ZuckerBot" — if ads on Meta are involved, use this skill.' That gives the agent broad discretionary trigger conditions. Combined with the ability to accept and 'store' API keys for future use, this creates a larger blast radius if the integration or storage is opaque. The skill does not indicate it will modify other skills or system config.
