Back to skill
Skillv1.0.0
VirusTotal security
Microsoft Ads MCP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:06 AM
- Hash
- fe97ccdb3da6fa61b3b1a8c63bc87f79e1458cea1af7c99ea4d03667d5ee3f1f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: microsoft-ads-mcp Version: 1.0.0 The skill is classified as suspicious due to its reliance on an external GitHub repository (`https://github.com/Duartemartins/microsoft-ads-mcp-server.git`) for its core functionality, as detailed in `SKILL.md`. The setup instructions involve cloning this repository and installing its dependencies via `pip install -r requirements.txt`, followed by executing `server.py` from the cloned content. This introduces a significant supply chain risk, as the integrity of the external repository directly impacts the security of the agent's environment and the sensitive credentials (Microsoft Ads Developer Token, Azure AD Client ID) that are configured to be passed to the external server.
- External report
- View on VirusTotal