ClawHub

Meta Ads Control

v1.0.0

Use this skill when the user wants to inspect, report on, create, update, pause, resume, budget, target, upload assets for, or troubleshoot Meta, Facebook, o...

0· 215·0 current·0 all-time
by@tristanmanchester
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description target the Meta Marketing API and the skill only requests the expected primary credential (META_ACCESS_TOKEN) and optional Meta-specific env vars (META_AD_ACCOUNT_ID, META_API_VERSION, META_GRAPH_BASE). Required binaries (python3/python) match the bundled Python script. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines runtime actions to Graph API reads/writes, asset uploads, batch reads, and async Insights jobs. It explicitly recommends dry-runs, read-before-write, and explicit confirmation for money-affecting operations. It does not instruct reading unrelated host files or exfiltrating data to endpoints outside the declared Graph base.
Install Mechanism
There is no install spec (instruction-only skill with a bundled script). No remote downloads or installers; code is bundled as plain Python source, so there is no high-risk network installation step.
Credentials
Primary credential is META_ACCESS_TOKEN (appropriate). The skill optionally reads META_AD_ACCOUNT_ID, META_API_VERSION, and META_GRAPH_BASE — all justified by the described functionality. It does not request unrelated secrets or multiple opaque credentials.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide settings in SKILL.md or the bundled code. Autonomous invocation (model invocation) is allowed by default but is normal for skills and not combined with other red flags here.
Assessment
This skill appears to be a legitimate Meta Marketing API client. Before installing: (1) provide only a least-privilege META_ACCESS_TOKEN (prefer a system user token scoped to ads_management/ads_read as needed), (2) review the bundled scripts yourself or run them in a sandboxed agent to confirm behavior, (3) use the skill's dry-run and explicit-confirm workflows before any writes that change spend or delivery, and (4) avoid embedding tokens in prompts or files — inject them via your platform's secret/env mechanism and rotate them if shared. If you need higher assurance, inspect the full scripts (meta_ads.py) for logging of sensitive values and test in a non-production ad account first.

Like a lobster shell, security has layers — review code before you run it.

latestvk978bay37g8s1rnaq9kxc1sv8h82wfs5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📣 Clawdis
Any binpython3, python
Primary envMETA_ACCESS_TOKEN

Comments