Meta Video Ad Deconstructor
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: meta-video-ad-deconstructor Version: 1.0.0 The skill is designed to deconstruct video ad creatives using Gemini AI, which aligns with its stated purpose. It requires standard Google Cloud credentials (`GOOGLE_APPLICATION_CREDENTIALS` and `project-id`) for Vertex AI, which are configured by the user and not maliciously accessed or exfiltrated by the skill. The Python code handles prompt management, data formatting, and interaction with the Gemini API. File system access is limited to reading local markdown prompt files, and network activity is confined to the legitimate Gemini API endpoint. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection against the OpenClaw agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may require giving it access to a Google Cloud service account used for Gemini calls.
The skill setup requires a Google service-account credential for Gemini/Vertex AI access. This is purpose-aligned, but service-account credentials can carry broad cloud permissions and are not declared in the registry metadata.
GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json
Use a dedicated, least-privileged Google service account limited to the required Vertex AI/Gemini permissions, and avoid reusing broad administrative credentials.
Video ad transcripts, scene descriptions, and overlay text may be sent to Gemini for analysis.
The skill sends formatted transcript, scene, and text-overlay content to the configured Gemini model. This is core to the skill's function, but it means analyzed ad content leaves the local context for provider processing.
response = self.gemini_model.generate_content(full_prompt)
Do not process confidential or unreleased creatives unless your Gemini/Vertex AI data handling settings and policies are acceptable.
The installed dependency version may vary over time and depends on the user's package source.
The setup instructions require manually installing an unpinned package. This is expected for a Vertex AI integration, but version pinning and source verification are not provided.
pip install vertexai
Install dependencies from a trusted Python package index and consider pinning a reviewed version in your environment.
A crafted ad transcript or overlay could skew the analysis or produce unreliable JSON results.
Untrusted ad content is inserted directly into prompts for model analysis. This is necessary for the skill, but malicious or manipulative text in an ad could influence the model's output.
Transcript: {{transcript}}
Text overlays: {{text_timeline}}
Scenes: {{scenes}}Treat analysis outputs as advisory, review them before relying on them, and avoid automatically feeding results into high-impact workflows without validation.