Meta Ads CLI - control your ad campaigns
PassAudited by VirusTotal on Apr 30, 2026.
Overview
Type: OpenClaw Skill Name: meta-ads-cli Version: 2.1.0 The skill is a well-architected and safety-conscious wrapper for the Meta Ads CLI. The primary component, `scripts/meta_ads_agent.py`, implements robust security features including automated redaction of sensitive environment variables (tokens/secrets) from logs and output, and a strict 'Risk Gate' system that requires specific user approval strings and explicit flags for high-risk operations like budget modifications or deletions. The `SKILL.md` instructions provide defensive prompt engineering to prevent accidental spend or credential leakage, and the inclusion of `resources/provenance.json` with cryptographic hashes for dependencies demonstrates strong supply-chain security practices.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused, the tool could change campaigns, assets, or budgets, but the artifacts include explicit controls intended to prevent accidental writes.
The skill can perform high-impact Meta Ads changes, but the instructions require specific approval and add gates for risky actions.
No spend-affecting change without explicit approval. A generic “yes” is not enough; approval must name the action, object/account, and key values.
Use the guard script, review exact commands before approval, and approve only one clearly named write action at a time.
A token with write authority could let the agent modify ad assets or affect spend within the token’s Meta account permissions.
The skill requires a Meta Marketing API access token and ad account context, which can carry sensitive account permissions.
required_env_vars: - ACCESS_TOKEN - AD_ACCOUNT_ID primary_credential: Meta Marketing API access token supplied through ACCESS_TOKEN
Use a token limited to the intended ad account and task; prefer read-only access for reports and grant write permissions only for approved mutation work.
Dependency changes or compromised packages could affect a tool that has access to Meta Ads credentials and account operations.
The direct CLI dependency is pinned, but the official package declares transitive dependencies as version ranges, so installation may still resolve external packages.
"requires_dist": ["click>=8.1", "facebook-business>=20.0", "python-dotenv>=1.0", "rich>=13.0"]
Install in a controlled environment, verify the pinned package and hashes where practical, and review resolved dependency versions before production use.
The agent will run local CLI commands that interact with Meta Ads; mistakes could make real account changes if approved.
The skill is explicitly designed for local command execution through a wrapper and the Meta Ads CLI, which is expected for its purpose but still sensitive.
capability_signals: - requires-sensitive-meta-credentials - can-affect-ad-spend - can-modify-ad-assets - local-command-execution
Run only the guarded `scripts/meta_ads_agent.py` path unless you intentionally choose raw CLI execution, and inspect commands before approving writes.
If logging is enabled, campaign/account operation details may be stored locally and could be reused or exposed outside the immediate task.
Persistent logging is off by default, but the artifacts allow optional logs, which could preserve operational context if enabled.
The guard keeps persistent logging disabled unless `META_ADS_AGENT_LOG` or `--log-file` is supplied.
Leave persistent logging disabled unless needed, store logs securely, and avoid logging tokens, secrets, or unnecessary account details.
A poorly reviewed automation plan could propagate mistakes across campaigns, ad sets, ads, assets, or budgets.
The skill recognizes that multiple Meta Ads changes can cascade, and it instructs the agent to contain changes through single-step writes and verification.
One write step at a time. Run one mutation, verify it, then continue. Do not batch multiple creation/update steps unless the user has approved a controlled automation plan.
Avoid bulk writes by default; require a reviewed plan, keep new objects paused unless separately approved, and verify each change before continuing.
Users could over-trust the wrapper if they only notice the official Meta CLI references and miss that the skill template is community-generated.
The skill uses Meta’s official CLI package but the wrapper skill itself is community-generated, so users should not mistake it for an official Meta-authored skill.
"skill_author": "community-generated skill template; not an official Meta package"
Treat the wrapper as third-party/community code, review it before use, and rely on official Meta documentation for account and API behavior.