ClawHub

Facebook Ad Library Tracker & Monitor

v1.0.1

Monitor Facebook ads and advertisers with PPSPY. Create tracking tasks, analyze ad activity over time, inspect landing pages and products, and manage ad moni...

0· 48·0 current·0 all-time
by@fanyanggod
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (PPSPY Facebook ad monitoring) match the declared dependency on npm, the PPSPY_API_KEY, and the SKILL.md instructions to install and run the ppspy-mcp-server package.
Instruction Scope
SKILL.md limits actions to installing the ppspy-mcp-server, setting PPSPY_API_KEY, and calling PPSPY APIs (listing/creating monitoring tasks, analyses, etc.). It does not instruct reading unrelated system files or other environment variables.
Install Mechanism
The skill asks the agent to run `npm install -g ppspy-mcp-server@1.0.1` (global npm install). This is a common way to provide a helper binary but carries the usual npm risks (a package can execute arbitrary code during install). Verify the package's publisher and source (npm registry/GitHub) before installing; prefer inspecting package contents or using isolated environments.
Credentials
Only PPSPY_API_KEY is required and is declared as the primary credential. That is proportionate to a third-party ad-monitoring integration.
Persistence & Privilege
The skill will install and run an MCP server binary (ppspy-mcp-server). This implies a long-running process and potentially network activity from that binary. The skill does not set always:true; autonomous invocation is allowed (default). Consider reviewing the binary's behavior and network bindings before granting persistent use.
Assessment
This skill appears internally consistent, but exercise normal caution before installing a global npm package and handing over an API key. Actions to consider: 1) Verify the npm package and publisher (e.g., check the package on npmjs.com and source repo on GitHub) and inspect its code or release artifacts; 2) If possible, create a restricted PPSPY API key/account with minimal permissions and limited billing/quota; 3) Install/run the MCP server in an isolated environment (container or VM) to observe network activity and ports it binds to; 4) Avoid installing globally on sensitive hosts until you trust the package; 5) Review privacy/billing implications since API calls consume PPSPY credits.

Like a lobster shell, security has layers — review code before you run it.

latestvk9707hen6y0vzsaw9kw4ww47hs843sbg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binsnpm
EnvPPSPY_API_KEY
Primary envPPSPY_API_KEY

Comments