Back to skill
Skillv1.0.2
ClawScan security
Google Ads · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 2, 2026, 8:42 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it delegates Google Ads access to the Membrane CLI/proxy, asks for no unrelated secrets, and its instructions align with the described purpose — but it will route account access through a third-party (Membrane), so review permissions before use.
- Guidance
- This skill appears to do what it claims: it uses Membrane as a proxy to access Google Ads and does not request unrelated secrets. Before installing/using it: - Verify the @membranehq/cli package and the repository/homepage (getmembrane.com / the GitHub link) to ensure you trust the third party. - Understand that Membrane will manage your Google Ads credentials server-side — review their privacy/security docs and where credentials are stored. - Use least-privilege connections where possible (grant read-only or limited access to accounts you don't want modified). Test on a sandbox/test account if available. - Be cautious with agent-autonomous invocation: the skill can run actions that modify or delete campaigns; consider requiring manual approval for destructive actions. - If installing the CLI on shared systems, treat global npm installs as privileged operations and validate the package integrity.
Review Dimensions
- Purpose & Capability
- okThe name/description (Google Ads management) matches the instructions: all commands use the Membrane CLI to connect to Google Ads, run actions, and proxy API requests. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- noteInstructions tell the agent/operator to install and use the @membranehq/cli, perform an interactive/ headless login flow, create a Membrane connection to Google Ads, list/run actions, and proxy raw API requests through Membrane. These steps are appropriate for the stated integration, but they give the Membrane service (and any agent-run commands) the ability to make destructive changes (create/remove campaigns, upload conversions) — which is expected for an integration but worth explicit caution.
- Install Mechanism
- noteThere is no formal install spec in the skill bundle (instruction-only), but the SKILL.md directs users to install a global npm package (npm install -g @membranehq/cli). Installing a CLI from the npm registry is a common pattern; verify the package and upstream repository (homepage/repo provided) before installing on sensitive systems.
- Credentials
- okThe skill declares no required environment variables or local credentials and explicitly recommends letting Membrane handle auth server-side. That is proportionate to its purpose, but note that account access/credentials will be stored/managed by Membrane (third party), not locally.
- Persistence & Privilege
- notealways is false and the skill is user-invocable (normal). The default ability for the agent to invoke the skill autonomously is allowed by platform defaults; because the skill can perform account-modifying actions, users should consider least-privilege connections and whether they want autonomous invocation enabled in their agent settings.