ClawHub

PipiAds - TikTok & Facebook Adspy Intelligence

v1.0.6

AI-powered TikTok & Facebook Adspy and Ad Library research for ads, products, stores, landing pages, advertisers, and competitors. Find trending ads, analyze...

1· 168·0 current·0 all-time
by@fanyanggod
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description request an API key and run a local MCP server; the declared primaryEnv (PIPIADS_API_KEY) and required binary (npm) are consistent with installing and running the pipiads-mcp-server package to call the external PipiAds service.
Instruction Scope
SKILL.md confines runtime actions to installing/running the published npm MCP server and sending search/image queries to PipiAds. It does not instruct reading unrelated files or harvesting unrelated environment variables; it explicitly warns not to send sensitive data.
Install Mechanism
Installation is via npm (pipiads-mcp-server@1.0.3) from the public registry. npm installs are plausible for this use case but carry moderate supply‑chain risk (install scripts may run, package code will execute locally). The skill itself recommends isolating the install.
Credentials
Only PIPIADS_API_KEY is required and is the primary credential, which is appropriate for a client that queries an external ad intelligence API. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill is user‑invocable. However, installing a global npm package persists code on the host; this is expected for the stated model but users should be aware the package will be installed and run locally.
Assessment
This skill appears coherent with its advertised purpose, but it installs and runs a third‑party npm package locally. Before installing: (1) review the pipiads-mcp-server package source and publisher if possible; (2) prefer installing/running it in a container, VM, or isolated dev environment; (3) do not send sensitive or private images/data to the service; and (4) be aware npm install scripts can execute arbitrary code — treat this as a supply‑chain risk and limit use on critical machines.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c73h398fp4tep1m044154p18437g3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binsnpm
EnvPIPIADS_API_KEY
Primary envPIPIADS_API_KEY

Comments