Ad Delivery Agent Automated UX Testing

Warn

Audited by ClawScan on May 11, 2026.

Overview

The skill is coherent as an ad-agent UX tester, but it asks for full live session cookies and can automatically send budget-changing or ad-pausing requests against a real advertising account.

Only use this skill with a dedicated test/sandbox advertising account. Set ACCOUNT_ID explicitly, avoid real budget/pause/delete actions unless you intentionally approve them, treat cookies.json as a live login secret, delete it after testing, and review any report before uploading it to WeCom.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any process with these cookies may be able to act as the logged-in user for the advertising account during the cookie lifetime.

Why it was flagged

The skill asks the user to send full browser session cookies, including advertising, QQ login, and internal authentication cookies, even though the registry metadata declares no primary credential.

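Skill content

Run `document.cookie` in the F12 console ... send the result to the Agent ... `.woa.com` domain cookies (`RIO_TOKEN`, etc.) are used for intranet authentication ... `.qq.com` domain cookies (`ptcz`, `RK`, etc.) are used for the QQ login state

Recommendation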

Use only a dedicated test account, provide only the minimum required cookies, avoid sharing broad QQ/internal cookies when possible, and delete cookie files after the test.

What this means

A test run against a live account could change campaign budgets or pause ads, affecting spend, delivery, and business operations.

Why it was flagged

The automation sends prompts that request bulk budget changes and ad pauses, which are high-impact business mutations if the target ad agent executes them.

Skill content

{ label: '投放中-调预算', text: '帮我把所有在投的广告日预算统一调整到200元' }, ... { label: '投放后-关停', text: '帮我把转化成本超过50元的广告全部暂停' }, ... await sendMessage(page, text);

Recommendation

Default to read-only prompts or a sandbox account, and require explicit human approval before any budget, pause, delete, or one-click execution action.

What this means

If the user forgets to set ACCOUNT_ID, the automation may attempt to use the supplied cookies against an unintended advertiser account.

Why it was flagged

Although the comment says ACCOUNT_ID is required, the script silently falls back to a fixed advertiser account ID, creating ambiguity about which account is being tested.

Skill content

const ACCOUNT_ID = process.env.ACCOUNT_ID || '74295795'; ... const BASE_URL = `https://ad.qq.com/atlas/${ACCOUNT_ID}/agent`;

Recommendation

Remove the default account ID and fail closed unless the user explicitly supplies the intended account ID.

What this means

Sensitive advertising account details could be copied from the local test output into a WeCom document.

Why it was flagged

The skill discloses an MCP-based upload path for the generated report, which may include screenshots, ad metrics, and agent responses from an authenticated account.

Skill content

Report output - Local Markdown file: `output/agent-test/体验报告_投放Agent_{date}.md` - WeCom document (uploaded via `smartpage_create` of `wecom_mcp`)

Recommendation

Review and redact screenshots/report content before upload, and confirm the WeCom destination and permissions.

What this means

Users may not realize before install that the skill needs local browser automation tooling and sensitive session material.

Why it was flagged

The metadata under-declares operational requirements that appear in the artifacts, including Node.js, Playwright, cookies, ACCOUNT_ID, and optional font installation.

Skill content

Required binaries: none; Env var declarations: none; Primary credential: none; No install spec — this is an instruction-only skill.

Recommendation

Declare required runtime tools, environment variables, and cookie credential handling in the registry metadata.