Meta Ads Api

Security checks across malware telemetry and agentic risk

Overview

This Meta Ads skill matches its purpose, but needs review because it exposes live ad-account write operations without clear confirmation or scoping safeguards.

Use this only with a minimally scoped Meta token. Prefer ads_read for reporting, grant ads_management only when you intend to let the agent make changes, and require a human-reviewed preview before any create, update, activate, pause, or delete action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill includes multiple state-changing ad operations such as creating campaigns, ad sets, ads, and updating campaign status, but it does not require explicit user confirmation, scope restriction, or clear warning that these actions can spend money or alter live advertising assets. In an agent context, this is dangerous because a model could autonomously perform impactful account changes from ambiguous prompts, leading to unintended budget changes, campaign creation, or service disruption.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instruction to 'Log all API responses' is unsafe because Meta API responses can contain advertising performance data, account identifiers, targeting details, and potentially tokens or sensitive error payloads. Centralized logging of raw responses increases the risk of sensitive data exposure through log aggregation systems, debugging tools, or downstream agent memory.

Ssd 3

Medium
Confidence: 97%
Finding
This is a true sensitive-data handling issue because raw API responses may include user-provided content, ad creative text, business identifiers, and secret-bearing fields in error/debug contexts, all of which may be persisted in natural-language logs. In an LLM-agent setting, such logs may be reused for context or surfaced to operators, compounding exposure risk beyond traditional application logging.

VirusTotal

63/63 vendors flagged this skill as clean.
