Security audit

Meta Ads Publisher

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Meta Ads management skill with sensitive ad-account write access, but the access is disclosed and aligned with its purpose.

Install only if you want an agent to operate a Meta Ads account. Use a revocable least-privilege token, store it in secret management, confirm the exact ad account, campaign/adset/ad, budget, and status change before every write, and keep new or duplicated campaigns paused until you review them in Ads Manager.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 84%
Finding
The top-level description authorizes broad, high-impact ad-management actions such as creating, modifying, pausing, activating, and duplicating campaigns with write-scoped credentials. Because activation criteria are not tightly constrained to explicit user confirmation for each destructive or spend-affecting action, the skill could be invoked on loosely related marketing requests and perform unintended account changes.

Vague Triggers

Medium
Confidence: 88%
Finding
The phrase 'do any campaign management task' is overly ambiguous for a skill with direct write access to a live advertising account. In context, that ambiguity increases the chance of over-broad invocation and unintended execution of sensitive operations that can spend money, change targeting, or disrupt active campaigns.

External Transmission

Medium
Category: Data Exfiltration
Content
> META_APP_ID and META_APP_SECRET are not needed — the access token alone is sufficient for all API operations.
>
> ## How to Call the Meta API
> Use exec + curl with your META_ACCESS_TOKEN. All requests go to `https://graph.facebook.com/v21.0/`.
>
> Example structure:
> ```bash
> curl -X POST "https://graph.facebook.com/v21.0/act_{AD_ACCOUNT_ID}/campaigns" \
> ```
Confidence: 91%
Finding
The flagged content is the excerpt above: the skill instructs the agent to send every API request, carrying META_ACCESS_TOKEN, to `https://graph.facebook.com/v21.0/` via exec + curl.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.