Google Ads Intent MCP
PassAudited by ClawScan on May 6, 2026.
Overview
The skill is coherent and safety-focused, but users should verify the GitHub package before installing it and keep any Google Ads credential use explicit and limited.
This skill appears safe to use for local CSV analysis and dry-run planning. Before installing, verify the GitHub repository and consider pinning the package version. If you connect Google Ads credentials later, keep them scoped, do not paste secrets into chat, and require explicit confirmation for any live account action.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing from a moving GitHub source means the code a user receives may differ from what was reviewed here.
The setup flow installs executable code from a remote GitHub repository, and the provided review artifacts do not include that code or pin it to a specific release or commit.
`pipx install "git+https://github.com/davidmosiah/google-ads-intent-mcp.git"`
Review the repository, prefer a tagged release or pinned commit if available, and run setup only when the user has explicitly requested installation.
If the related MCP tool is configured for live Google Ads access, credentials could expose or affect advertising account data depending on their scope.
The skill acknowledges that sensitive Google Ads or provider credentials may be present. The guidance is protective, but credentials remain high-impact access if live account functionality is used.
"Do not print OAuth tokens, API keys, service-account JSON, local token files, or private user data."
Use least-privilege credentials, avoid sharing token files in chat, and require explicit confirmation before any live provider call or account-changing action.