EMAR adv-plan-diagnosis
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to be a straightforward ad-plan diagnostic tool that uses official ad-platform APIs with user-provided tokens; no hidden, destructive, or unrelated behavior is evident.
Before installing, confirm you are comfortable storing ad-platform access tokens in the skill's .env file and letting the script query the specified ad account and plan. Keep tokens private, use limited permissions where possible, and install Python dependencies from a trusted environment.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token has broad permissions, the script may be able to read ad account/report or diagnosis data for the supplied account and ad IDs.
The skill requires user ad-platform access tokens stored locally. This is expected for the stated API-based diagnosis purpose, but users should understand it grants account-authorized access.
两个平台的 access_token 都从 .env 文件读取,需要用户自行配置并定期更新(腾讯 token 有效期2小时)。
Use the least-privileged token available, keep the .env file private, rotate tokens regularly, and verify the account/ad IDs before running the diagnosis.
Using the skill may run local Python code and make outbound requests to the ad providers' APIs.
The skill directs the agent to execute the included Python script. This is central to the advertised function and the script is scoped to provider API reads, but it is still local command execution.
python diagnose.py --platform ocean_engine --account_id <广告主ID> --adgroup_id <广告ID>
Run it only from the expected skill directory, after confirming the requested platform/account/ad IDs, and review the script if operating in a sensitive environment.
Installing dependencies without pins can result in different package versions being used in different environments.
The skill depends on external Python packages using lower-bound version ranges rather than exact pins. These are common packages, but dependency resolution may vary over time.
requests>=2.25.0 python-dotenv>=1.0.0
Install dependencies in a vetted environment and consider pinning exact package versions if this will be used operationally.