Meta Ads Daily Pulse

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Meta Ads reporting helper with disclosed credential needs, but users should handle the Meta token carefully.

Install only if you want an agent to query Meta Ads performance metrics for the configured account. Use a token restricted to ads_read and the intended ad account, avoid command tracing or shared logs, and treat outputs as sensitive business reporting data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill embeds access tokens directly into curl command arguments, which can expose credentials through shell history, process listings, logs, telemetry, or debugging output. Although the destination is the legitimate Meta Graph API, the lack of credential-handling warnings and safer invocation patterns increases the chance of inadvertent token disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal