v1.0.0

Microsoft Ads MCP

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:54 AM.

Analysis

This looks like a real Microsoft Ads integration, but it deserves review because it can run an external MCP server with ad-account credentials and create or activate paid public advertising campaigns.

GuidanceReview this carefully before installing. Use a test Microsoft Ads account first, inspect and pin the external GitHub server code, protect the mcporter credential configuration, and require manual approval for budgets, final URLs, ad copy, keywords, and any campaign activation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

mcporter call microsoft-ads.create_campaign '{"name": "My Campaign", "daily_budget": 20}' ... mcporter call microsoft-ads.create_responsive_search_ad ... mcporter call microsoft-ads.update_campaign_status '{"campaign_id": 123456, "status": "Active"}'

These documented tools can create paid campaigns, publish ad content, and activate spend. The artifact does not state explicit approval gates, account limits, budget ceilings, or rollback requirements before live account changes.

User impactIf installed and authorized, the agent could make costly or reputation-impacting changes to a Microsoft Ads account unless the user carefully controls each action.

RecommendationRequire explicit user confirmation before every create, update, or activation action; confirm account IDs, budgets, final URLs, keywords, and ad copy; keep new campaigns paused until reviewed.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

SKILL.md

git clone https://github.com/Duartemartins/microsoft-ads-mcp-server.git
cd microsoft-ads-mcp-server
pip install -r requirements.txt ... "args": ["/path/to/microsoft-ads-mcp-server/server.py"]

The instruction-only artifact delegates execution to an unpinned external repository and its dependencies, and that external server would handle Microsoft Ads credentials and account mutation authority.

User impactA user must trust code and dependencies that are not included in the reviewed artifact before giving them access to an advertising account.

RecommendationReview the external repository and requirements before use, pin to a known commit or release, install in a virtual environment, and avoid providing production credentials until the server code is verified.

Rogue Agents

SeverityLowConfidenceHighStatusNote

SKILL.md

Add to `~/.mcporter/mcporter.json`: { "mcpServers": { "microsoft-ads": { "command": "python3", ... "env": { ... } } } }

The MCP server configuration is persistent across sessions and includes credential environment variables. This is disclosed, but it keeps the tool available until the user removes it.

User impactThe advertising tool may remain callable in future sessions after initial setup.

RecommendationRemove the mcporter server entry or revoke credentials when the integration is no longer needed, and restrict which agents or workflows may invoke it.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

"MICROSOFT_ADS_DEVELOPER_TOKEN": "your_token", "MICROSOFT_ADS_CLIENT_ID": "your_azure_app_client_id" ... mcporter call microsoft-ads.complete_auth '{"redirect_url": "https://login.microsoftonline.com/common/oauth2/nativeclient?code=..."}'

The skill requires Microsoft Ads developer credentials and an OAuth authorization code. That is purpose-aligned, but it grants delegated access to advertising accounts.

User impactAnyone or any agent with access to the configured MCP server may be able to query or change the connected Microsoft Ads account within the granted permissions.

RecommendationUse least-privilege accounts where possible, prefer test accounts first, protect ~/.mcporter/mcporter.json, and rotate or revoke credentials when no longer needed.