Skill v1.0.0

ClawScan security

Meta Ads Control · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 1:13 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill and included script are internally consistent with a Meta Marketing API client: it only needs a Meta access token, uses the Graph API base, requires Python, and the instructions and code match the described ad-management workflows.
Guidance
This skill appears to be a legitimate Meta Marketing API client. Before installing: (1) provide only a least-privilege META_ACCESS_TOKEN (prefer a system user token scoped to ads_management/ads_read as needed), (2) review the bundled scripts yourself or run them in a sandboxed agent to confirm behavior, (3) use the skill's dry-run and explicit-confirm workflows before any writes that change spend or delivery, and (4) avoid embedding tokens in prompts or files — inject them via your platform's secret/env mechanism and rotate them if shared. If you need higher assurance, inspect the full scripts (meta_ads.py) for logging of sensitive values and test in a non-production ad account first.

Review Dimensions

Purpose & Capability
ok
Name/description target the Meta Marketing API and the skill only requests the expected primary credential (META_ACCESS_TOKEN) and optional Meta-specific env vars (META_AD_ACCOUNT_ID, META_API_VERSION, META_GRAPH_BASE). Required binaries (python3/python) match the bundled Python script. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
ok
SKILL.md confines runtime actions to Graph API reads/writes, asset uploads, batch reads, and async Insights jobs. It explicitly recommends dry-runs, read-before-write, and explicit confirmation for money-affecting operations. It does not instruct reading unrelated host files or exfiltrating data to endpoints outside the declared Graph base.
Install Mechanism
ok
There is no install spec (instruction-only skill with a bundled script). No remote downloads or installers; code is bundled as plain Python source, so there is no high-risk network installation step.
Credentials
ok
Primary credential is META_ACCESS_TOKEN (appropriate). The skill optionally reads META_AD_ACCOUNT_ID, META_API_VERSION, and META_GRAPH_BASE — all justified by the described functionality. It does not request unrelated secrets or multiple opaque credentials.
Persistence & Privilege
ok
Skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide settings in SKILL.md or the bundled code. Autonomous invocation (model invocation) is allowed by default but is normal for skills and not combined with other red flags here.