ClawHub

Meta Ads Report Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Meta Ads reporting tool that reads user-provided Meta credentials to fetch ad metrics and event names.

Install only if you are comfortable giving the skill read access to the specified Meta Ads account. Use a least-privilege Meta token with ads_read/read_insights, keep it out of chat logs and version control, rotate it if exposed, and consider pinning dependencies before deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README instructs users to place a powerful Meta access token in a local .env file but provides no warning that this value is a sensitive credential, should not be committed to source control, and should be rotated if exposed. In an agent-skill context, this increases the chance of accidental credential leakage through repository commits, logs, screenshots, or support sharing, which could grant unauthorized read access to ads data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documentation instructs users to supply a Meta access token and ad account identifier but provides no guidance on secure storage, least-privilege token handling, rotation, or the sensitivity of ad account analytics and event data. This can lead users to paste long-lived credentials into insecure environments or expose account-level marketing data without understanding the privacy and operational risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill reads a Meta access token and ad account ID from environment variables and then uses them to make external API calls, but the user-facing interface does not disclose that credentials will be used or that data will be sent to Meta. In an agent setting, this creates a transparency and consent problem because a user may trigger external account access without understanding the action scope.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal