ClawHub

TikTok Shop Ad Library & TikTok Shop Analytics

v1.0.2

Research TikTok ads alongside TikTok Shop products and stores using PipiAds ad and TikTok Shop analytics tools.

0· 58·0 current·0 all-time
by@fanyanggod
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (TikTok ad + shop analytics) match the declared needs: a PIPIADS_API_KEY and an npm-installed MCP server that appears to act as the bridge to the PipiAds API. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md limits runtime actions to using the PipiAds MCP server and PipiAds API via the PIPIADS_API_KEY and describes the ad/product/shop query functions. It does not instruct the agent to read unrelated files, other env vars, or exfiltrate data to unexpected endpoints.
Install Mechanism
The skill instructs a global npm install of pipiads-mcp-server@1.0.3 (package on public npm). This is proportionate to the skill's function but carries typical npm risks (running third‑party code). The registry metadata earlier said "No install spec" even though SKILL.md contains an install entry — minor inconsistency but not necessarily malicious.
Credentials
Only one required env var (PIPIADS_API_KEY) is declared and used as primaryEnv. That matches the described API-based integration and is proportionate to functionality.
Persistence & Privilege
Skill is not marked always:true and does not request system-wide config changes or other skills' credentials. Model invocation is allowed (default) which is expected for a usable skill.
Assessment
This skill appears to do what it says: it uses a PipiAds API key and an npm MCP server to perform TikTok ad/shop analytics. Before installing, verify the pipiads-mcp-server package on the npm registry (author, source repo, recent versions, and reviews), obtain your API key from the official provider, and consider installing/running the MCP server in an isolated environment (container or sandbox) if you are cautious. Monitor your PipiAds account for unexpected credit/billing usage and avoid sharing the PIPIADS_API_KEY with untrusted systems. If you want extra assurance, ask the publisher for the package source (GitHub repo) and a checksum for the npm release.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ch150jhbv19r7scjbhdc1s843cta

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binsnpm
EnvPIPIADS_API_KEY
Primary envPIPIADS_API_KEY

Comments