Intake META Ads Analyst

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Meta ads reporting skill with disclosed API use and local exports, but users should handle the Meta token and exported campaign data carefully.

Install only if you are authorized to access Intake Breathing's Meta ads account. Use a fresh short-lived ads_read token, avoid broader or long-lived credentials, do not paste tokens where transcripts are retained if a secure secret input is available, and delete or protect exported CSV/JSON files after analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to install dependencies, invoke a Python script, write outputs to /home/user/workspace, and call the Meta Marketing API, yet no explicit permissions or safeguards are declared. This creates an under-specified capability boundary where a user may trigger network access and file writes without clear consent, review, or policy enforcement.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly tells the user to paste a short-lived Graph API token into the chat without warning that it is a sensitive credential. Exposing access tokens in conversational channels increases the risk of credential leakage, logging exposure, unintended reuse, and unauthorized access to the Meta ad account and associated performance data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the user to provide a live Meta access token directly, but it does not warn that the token is a sensitive credential, limit how it should be shared, or recommend secure collection/storage practices. In an agent setting, this can lead to unnecessary credential exposure in chat logs, transcripts, or downstream tooling, enabling unauthorized access to ad account data if the token is leaked.

Natural-Language Policy Violations

Low
Confidence
95% confidence
Finding
The file contains direct personal/business contact details, including email addresses tied to identifiable individuals. In a broadly distributed agent skill, this creates unnecessary privacy exposure and can enable spam, phishing, or social-engineering against the named contacts, especially because the skill is designed for operational ad-account work.

Credential Access

High
Category
Privilege Escalation
Content
Before running the script, ask the user for TWO things:

1. **Access Token** — with `ads_read` permission. Get at https://developers.facebook.com/tools/accesstoken/
2. **Ad Account ID** — format `act_123456789`. Found in Ads Manager → Account Overview, or Business Settings → Ad Accounts.

Prompt the user:
Confidence
95% confidence
Finding
Access Token

Credential Access

High
Category
Privilege Escalation
Content
Prompt the user:
> "To export your campaign data, I need two things:
> 1. Your Meta access token (get one at https://developers.facebook.com/tools/accesstoken/ — ensure it has `ads_read` permission)
> 2. Your Ad Account ID (format: `act_123456789`, found in Ads Manager settings)
> Please provide both so I can pull your campaign insights."
Confidence
97% confidence
Finding
access token

VirusTotal

66/66 vendors flagged this skill as clean.
