Facebook Ads
PassAudited by VirusTotal on Apr 30, 2026.
Overview
Type: OpenClaw Skill Name: facebook-ads-integration Version: 1.0.4 The skill instructs the agent to perform a global installation of a third-party CLI tool (`@membranehq/cli`) and routes all Facebook Ads API interactions and authentication through an external proxy service (`getmembrane.com`). While these capabilities are aligned with the stated purpose of the integration, the requirement for global package execution and the redirection of sensitive advertising data and credentials through a third-party intermediary represent significant security risks without explicit proof of malice.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used without careful review, the agent could change ad campaigns, audiences, or other account objects in ways that affect business operations or advertising spend.
The skill exposes Meta Ads actions that can create, modify, or delete business advertising assets. This matches the stated purpose, but these are high-impact operations.
Create Campaign ... Update Campaign ... Delete Campaign | delete-campaign | Delete a campaign (sets status to DELETED)
Only run create, update, or delete actions after confirming the target ad account, object IDs, budgets, and intended outcome with the user.
The connected Membrane/Meta account may have access to ad accounts, campaigns, audiences, pixels, and related reporting data.
The integration relies on delegated credentials/OAuth through Membrane for Meta Ads access. This is expected, but it grants account-level authority through a third-party integration provider.
Membrane handles authentication and credentials refresh automatically
Use the least-privileged Meta account available, review requested permissions during OAuth, and revoke the Membrane connection when no longer needed.
Installing the CLI globally gives the package executable access in the user's environment, and the exact installed version may vary.
The setup asks users to install a global npm CLI at the latest version. This is central to the skill, but @latest means the installed code can change over time.
npm install -g @membranehq/cli@latest
Install only from the trusted npm package, consider pinning a reviewed version, and keep the CLI updated through normal trusted channels.
Connection setup information and action guidance may come from the Membrane service, so the agent should treat it as provider-supplied context rather than as higher-priority instructions.
The workflow may receive procedural instructions from the Membrane connection flow. This is expected integration plumbing, but remote instructions should not override the user's intent or security boundaries.
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically
Use provider-supplied instructions only to complete the requested Meta Ads connection, and confirm with the user before sharing sensitive information or taking account-changing actions.