Skill v1.0.0
ClawScan security
Meta Ads Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 14, 2026, 6:24 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its stated purpose (Meta Ads management) but the package metadata omits the sensitive credentials the SKILL.md says are required and the runtime guidance encourages use of raw access tokens in curl commands — an incoherence that increases risk and warrants caution.
- Guidance: This skill appears to do what it says (manage Meta Ads) but has two red flags: the internal SKILL.md expects META_ACCESS_TOKEN and META_AD_ACCOUNT_ID yet the package metadata lists no required creds, and the examples show embedding tokens in curl commands (risking accidental exposure). Before installing: (1) verify the skill manifest is updated to declare required credentials so you can manage permissions; (2) only provide a least-privileged, short-lived token or a dedicated service token with minimal scopes; (3) avoid pasting tokens into chat or command history — use secure agent credential storage or environment variables; (4) confirm the agent will not log or transmit tokens to third parties; and (5) because the skill source is unknown, prefer manual verification (run commands yourself or review with a trusted admin) rather than granting the agent autonomous live access to your ad account.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md describes exactly the Meta Marketing API calls and requires META_ACCESS_TOKEN and META_AD_ACCOUNT_ID, which are appropriate for ad management. However, the registry metadata lists no required environment variables or primary credential — a clear mismatch between what the skill claims it needs and what the package declares.
- Instruction Scope (concern): Instructions stay within campaign-management scope (create/pause/clone campaigns) and provide concrete curl examples. They explicitly instruct using exec + curl with the access token embedded in requests, which is expected for API calls but increases the chance of token exposure (logs, chat history, command history). The guide warns not to paste tokens in conversation, but the examples demonstrate putting tokens directly into commands and suggest pulling tokens from the Graph API Explorer (a short-lived, user-level token), which may be incomplete or encourage unsafe handling.
- Install Mechanism (ok): No install spec or code files are present (instruction-only). This minimizes the risk of arbitrary code being downloaded or executed from external URLs.
- Credentials (concern): The SKILL.md requires two sensitive items (META_ACCESS_TOKEN and META_AD_ACCOUNT_ID). These are proportionate to the stated purpose, but the top-level skill manifest did not declare them as required env vars or a primary credential — an inconsistency that can hide credential requirements from users and automated permission reviewers.
- Persistence & Privilege (ok): The skill is not always-enabled and is user-invocable; it does not request persistent system-wide privileges or modify other skills' configs. Autonomous model invocation is allowed (default), which is normal for skills but increases blast radius if credentials are mishandled.
