Apple Search Ads
WarnAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Apple Search Ads automation skill, but it can use ad-account credentials to create enabled campaigns and authorize spend without clear approval guardrails.
Install only if you are comfortable granting Apple Search Ads API access. Before running any scripts, require a dry run and explicit approval for each campaign, bid, keyword, budget, or delete action, and verify total budgets carefully. Keep the private key protected and do not store real secrets in the skill’s memory files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-eager run could create live ad campaigns and authorize unwanted advertising spend.
The ready-to-use create-campaign script directly creates an enabled Apple Search Ads campaign and sets a fixed 10000 USD campaign budget while only prompting for daily budget. The artifacts do not show a confirmation, dry-run, explicit total-budget approval, or rollback guard.
NAME="${1:?Usage: $0 <name> <adam_id> <country> <daily_budget>}" ... "budgetAmount": {"amount": "10000", "currency": "USD"} ... "status": "ENABLED"Require explicit per-action user approval for campaign creation, bid/budget changes, and deletes; add dry-run output, hard budget limits, JSON-safe payload construction, and clear rollback instructions.
Anyone with these credentials or the private key may be able to access or change Apple Search Ads account data, depending on account permissions.
The setup handles Apple Search Ads account identifiers and private-key material. This is purpose-aligned, but these credentials can enable access to an advertising organization and should be tightly protected.
export ASA_CLIENT_ID="your-client-id" ... export ASA_PRIVATE_KEY="$(cat ~/.secrets/asa-private-key.pem)"
Use the least-privileged Apple Ads role available, prefer a private-key file path with restrictive permissions over exporting key contents, avoid pasting secrets into chat or memory files, and rotate credentials if exposed.
Local notes may reveal app strategy, budgets, target CPA/ROAS, and campaign performance to anyone with access to that folder.
The skill intentionally persists local campaign memory containing business goals, campaign structure, and performance notes. This is disclosed and useful, but it is sensitive business context.
In `~/apple-search-ads/memory.md`: Their apps (adam IDs); Target CPA/ROAS; Current campaign structure; What's working, what's not; Preferred reporting cadence
Review what is saved in ~/apple-search-ads/, keep secrets out of memory files, and delete or restrict the folder if the machine is shared.