ClawHub

Facebook Adspy & Facebook Ad Library

v1.0.2

Research Facebook ad creatives and Meta Ad Library results using PipiAds adspy and ad library tools.

0· 61·0 current·0 all-time
by@fanyanggod
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Facebook ad research) matches the declared requirement (PIPIADS_API_KEY) and the SKILL.md which invokes the PipiAds MCP server CLI. Requesting npm and a PipiAds API key is proportionate to the stated functionality.
Instruction Scope
SKILL.md instructs the agent to set PIPIADS_API_KEY, install and run the pipiads-mcp-server, and use its adspy/ad library endpoints. The instructions do not ask the agent to read unrelated files or other environment variables, but they do instruct globally installing and running a third‑party server binary (pipiads-mcp-server) that will perform network calls to the PipiAds service.
Install Mechanism
Installation is via npm install -g pipiads-mcp-server@1.0.3 (a public npm package). npm installs and executing that package are expected for this skill but carry the normal risk of running third‑party code and creating a global binary. No direct downloads from unknown URLs are used.
Credentials
Only PIPIADS_API_KEY is required and declared as the primary credential. That single API key is consistent with accessing the PipiAds service; no unrelated secrets or config paths are requested.
Persistence & Privilege
The skill is not force-enabled (always: false) and does not request system-wide config changes. It will install and run a CLI server when used but does not claim to modify other skills or global agent configuration.
Assessment
This skill appears coherent: it uses an API key (PIPIADS_API_KEY) and an npm CLI (pipiads-mcp-server) to query PipiAds for Facebook ad research. Before installing/using it, consider the following: (1) installing the package globally will place third‑party code on your system — review the package source (npm package repo) or run it inside a sandbox/container; (2) the MCP server will make network calls to PipiAds and will consume credits from your PipiAds account — monitor usage and billing; (3) only provide a PipiAds API key with the least privileges possible, rotate keys if compromised, and avoid reusing that key elsewhere; (4) if you need stronger assurance, request the skill author/publisher info or inspect the pipiads-mcp-server package contents and its network behavior before granting the API key. Overall the skill is internally consistent with its stated purpose, but installing third‑party packages and running local servers carries operational risk you should mitigate.

Like a lobster shell, security has layers — review code before you run it.

latestvk9723wm8n9dsw16qb8jn9zamzn843czv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binsnpm
EnvPIPIADS_API_KEY
Primary envPIPIADS_API_KEY

Comments