Back to skill

Security audit

Meta Ad Creatives

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Meta Ads reporting helper that uses a user-provided Meta access token to read ad performance data and cache results locally.

Install only if you are comfortable giving this local code access to Meta Ads reporting data for the accounts you configure. Use a least-privileged Meta access token, keep credentials in environment variables or a secret manager, and expect performance data to be cached locally in SQLite.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tainted flow: 'url' from requests.get (line 103, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
all_ads = []
        try:
            while url:
                response = requests.get(url, params=params, timeout=60)
                response.raise_for_status()
                data = response.json()
                all_ads.extend(data.get('data', []))
Confidence
65% confidence
Finding
response = requests.get(url, params=params, timeout=60)

Tainted flow: 'params' from os.getenv (line 147, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
all_ads = []
        try:
            while url:
                response = requests.get(url, params=params, timeout=60)
                response.raise_for_status()
                data = response.json()
                all_ads.extend(data.get('data', []))
Confidence
90% confidence
Finding
response = requests.get(url, params=params, timeout=60)

Tainted flow: 'url' from requests.get (line 103, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
url = f'{BASE_URL}/{API_VERSION}/{self.ad_account_id}/insights'

            try:
                response = requests.get(url, params=params, timeout=60)
                response.raise_for_status()
                data = response.json()
Confidence
65% confidence
Finding
response = requests.get(url, params=params, timeout=60)

Tainted flow: 'params' from os.getenv (line 147, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
url = f'{BASE_URL}/{API_VERSION}/{self.ad_account_id}/insights'

            try:
                response = requests.get(url, params=params, timeout=60)
                response.raise_for_status()
                data = response.json()
Confidence
90% confidence
Finding
response = requests.get(url, params=params, timeout=60)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This code sends account-scoped ad metadata to the Meta Graph API via HTTP requests, which is a network operation involving potentially sensitive business and campaign data. Although the module has basic docstrings, it does not clearly warn users that running it will contact an external service and transmit access-token-authenticated account queries.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The function accesses FACEBOOK_ACCESS_TOKEN, FACEBOOK_APP_ID, and FACEBOOK_APP_SECRET, which are sensitive credentials. While this is expected for API access, the file does not clearly disclose to users that it consumes sensitive environment variables or explain that these credentials are required and security-sensitive.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.