Apple Search Ads
v1.0.0Create, optimize, and scale Apple Search Ads campaigns with API automation, attribution integration, and bid strategy recommendations.
⭐ 1· 493·0 current·0 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description match the requested binaries (curl, jq), the Apple Search Ads API endpoints, and the required environment variables (client id, team id, key id, org id, private key file). The requested capabilities are proportional to managing ASA campaigns.
Instruction Scope
Instructions and scripts are scoped to Apple Search Ads APIs and iOS attribution flows. They instruct the agent to create a local memory directory (~/apple-search-ads/) and to read a private key file to sign a JWT. The docs explicitly warn not to commit secrets. Minor inconsistency: some docs/examples show exporting ASA_PRIVATE_KEY (PEM contents) while the runtime scripts and metadata expect ASA_PRIVATE_KEY_FILE (path to the PEM file). Confirm which approach you prefer before use.
Install Mechanism
No install spec or remote downloads — instruction-only skill. That minimizes disk-write/remote-code risk; scripts rely on standard system tools (curl, jq, openssl) which are reasonable for this task.
Credentials
The only environment variables requested are Apple Search Ads credentials and a private-key reference, which are appropriate for generating client secrets and calling ASA APIs. The number of variables is proportional. Reminder: the private key is sensitive — store and reference it securely rather than embedding it in text files.
Persistence & Privilege
The skill suggests persisting memory and a credentials template under ~/apple-search-ads/. That is consistent with providing stateful campaign context, but it creates local persistent storage that may contain sensitive operational notes. always:false (no forced global enable). Make sure you do not accidentally store real secrets in tracked files and restrict filesystem permissions for the memory/credentials folder.
Assessment
This skill appears to do exactly what it says: automate Apple Search Ads via the official API and integrate iOS attribution. Before installing: (1) Review and secure your ASA private key — prefer pointing ASA_PRIVATE_KEY_FILE to a protected file with restrictive permissions rather than putting the PEM into shell rc files. (2) Resolve the small docs mismatch (some docs mention ASA_PRIVATE_KEY while scripts expect ASA_PRIVATE_KEY_FILE) so the scripts work as intended. (3) Inspect the provided scripts (get-token.sh and others) and run them in a safe environment first; they call Apple endpoints only. (4) Be aware the skill will create ~/apple-search-ads/ for memories and templates—do not store real secrets there and lock the directory. (5) Use least-privilege credentials and rotate keys if possible. If you want, I can point out the exact lines that reference ASA_PRIVATE_KEY vs ASA_PRIVATE_KEY_FILE and suggest a fix.Like a lobster shell, security has layers — review code before you run it.
latestvk971srx9qa010j9a7w496csth581v2n4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🍎 Clawdis
OSLinux · macOS
Binscurl, jq
EnvASA_CLIENT_ID, ASA_TEAM_ID, ASA_KEY_ID, ASA_ORG_ID, ASA_PRIVATE_KEY_FILE