ClawHub

Ecommerce Product Research

v1.0.1

Research ecommerce products and stores using TikTok and Facebook ads, product data, and store intelligence from PipiAds.

0· 221·0 current·0 all-time
by@fanyanggod
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for PipiAds-based ad and store research and the skill only requires a PIPIADS_API_KEY and npm to install a PipiAds helper server—these requirements are coherent and expected for this purpose.
Instruction Scope
SKILL.md stays on-scope: it instructs the user to set PIPIADS_API_KEY, optionally install/run the pipiads-mcp-server, and call PipiAds endpoints (search_ads, get_product_detail, etc.). It does not instruct reading unrelated files, other env vars, or exfiltrating data to unexpected endpoints.
Install Mechanism
Install is an npm global install: `npm install -g pipiads-mcp-server@1.0.3`. This is a typical mechanism but carries the usual npm risks (running third-party code on your machine). The package is version-pinned, which helps, but you should verify the package origin, repository, and contents before installing globally.
Credentials
Only a single credential (PIPIADS_API_KEY) is required and declared as the primary credential, which matches the skill's purpose. No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill does not request always:true and will not be force-included. It defines an mcpServer command to run the installed helper binary with the provided API key, which is within the skill's scope and does not modify other skills or system-wide agent settings.
Assessment
This skill appears coherent for PipiAds-based ecommerce research, but take these precautions before installing or using it: 1) Audit the npm package (pipiads-mcp-server@1.0.3) — inspect its repository, maintainers, and recent release notes; avoid installing global packages unless you trust them. 2) Consider installing the helper in an isolated environment (container or dedicated VM) rather than your primary system. 3) Use a dedicated PIPIADS_API_KEY with limited scope/monitoring and check billing/credit usage (the skill notes API calls consume credits). 4) Verify the pipiads/pipispy sites and the npm package provenance if you need higher assurance. 5) Be aware the skill can invoke the helper server with your API key, so treat that key as sensitive and rotate/revoke if compromised.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ftqae6peahsng78yv6zqr25843r85

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binsnpm
EnvPIPIADS_API_KEY
Primary envPIPIADS_API_KEY

Comments