v1.0.5

lanbow-claw-skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:56 AM.

Analysis

This skill appears aligned with Meta ad management, but it needs careful review because it uses powerful Meta credentials and can launch or modify paid ads through an externally provided CLI.

Guidance: Use this only if you trust the lanbow-ads CLI and are comfortable granting Meta ad-management authority. Prefer short-lived, least-privilege tokens stored in secret fields, use a dedicated ad account with budget caps, keep campaigns paused until you approve the final creative/targeting/budget, and revoke credentials when finished.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
references/ad-delivery-commands.md
campaigns create ... --status <status> ... PAUSED or ACTIVE ... --daily-budget <cents>; campaigns update ... --status <status> ... ACTIVE, PAUSED, ARCHIVED

The skill documents CLI operations that can create or modify paid Meta campaigns, change live/paused/archive status, and alter budgets.

User impact: The agent could make business-impacting changes such as launching public ads, pausing campaigns, or changing spend levels.
Recommendation: Use only with explicit user approval for each create/update action, require a final campaign preview, keep new campaigns paused by default, and set clear budget caps.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
metadata
Source: unknown ... Required binaries (all must exist): lanbow-ads ... No install spec ... No code files present

The sensitive Meta credential handling and ad-account mutations are delegated to an external required binary whose source and implementation are not included in the artifact set.

User impact: Users must trust a separate local CLI to receive Meta tokens and perform account mutations, but these artifacts do not establish its provenance.
Recommendation: Install lanbow-ads only from a trusted source, verify its publisher and version, and avoid supplying production credentials until the binary provenance is clear.
Unexpected Code Execution
Severity: Low | Confidence: Medium | Status: Note
references/creative-generation.md
IMAGE_BASE64=$(base64 -i "${product_image_path}")

The static scan shows a shell command using a product image path in generated/source-template text; this is aligned with image upload preparation but should be handled carefully.

User impact: If path values are substituted unsafely, the command could read an unintended local file or become brittle around unusual filenames.
Recommendation: Validate image paths, keep variables quoted, avoid direct source-template substitution, and only encode files explicitly selected by the user.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
references/meta-account-setup.md
select permissions: ads_management, ads_read, business_management ... System User Token | Never expires ... Set the role to Admin (required for full ads management)

The setup asks for broad Meta advertising/business authority and also describes a long-lived admin system-user token path.

User impact: A token with these permissions can manage ads and related business assets, and a non-expiring admin token increases the impact if mishandled.
Recommendation: Prefer least-privilege, short-lived tokens; scope access to a dedicated ad account; store secrets only in a secret manager; revoke tokens after use if ongoing automation is not required.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Creative Generation ... AI-generated ad images from strategy inputs ... User's Gemini API Key

The creative-generation feature appears to use an external AI provider with user-provided strategy/product inputs and a Gemini API key.

User impact: Product images, campaign strategy, or brand information may be sent to an external provider as part of generating creatives.
Recommendation: Do not provide confidential assets unless that provider use is acceptable, and use a separate Gemini key with limited billing and revocation controls.