Skill v1.0.6

ClawScan security

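Yuri Ad Platform MCP API - Facebook ad creation, delivery management, and data monitoring. Supports creating Campaign/Ad Set/Ad, querying balance, audience targeting, ad copy and creative asset management, budget adjustment, and more. · ClawHub's context-aware review of the artifact, metadata, and declared behavior.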

Scanner verdict

Benign · Mar 20, 2026, 6:12 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's declared purpose (controlling Facebook ads via baiz.ai MCP) matches its instructions and required credential (BAIZ_API_TOKEN); it's an instruction-only skill with no installs or unrelated requests, so its pieces are internally consistent.
Guidance
This skill appears internally consistent for controlling Facebook ads via the baiz.ai MCP proxy, but it interacts with a third-party service that can spend money and manage live ads. Before installing: (1) verify https://baiz.ai is legitimate and read its privacy/billing/terms, (2) confirm the registry metadata matches SKILL.md (noted version mismatch), (3) provide only a revocable, minimal-permission test BAIZ_API_TOKEN (do not reuse production credentials), (4) disable autonomous invocation or supply read-only tokens for initial tests, (5) test against sandbox/test ad accounts and monitor billing and API calls, and (6) be prepared to revoke the token if you see unexpected behavior.

Review Dimensions

Purpose & Capability
note: The name/description, SKILL.md, and _meta.json consistently describe a baiz.ai MCP proxy for Facebook ad management and require a single platform token (BAIZ_API_TOKEN). Minor metadata mismatch: registry listed version 1.0.6 while _meta.json contains 1.0.3; this is not a functional mismatch but should be corrected for provenance.
Instruction Scope
note: SKILL.md is an instruction-only document that tells the agent to call a single HTTPS JSON-RPC endpoint (https://baiz.ai/mcp) and lists specific RPC methods (balance, create/publish/stop campaigns, etc.). It does not instruct reading local files or unrelated environment variables. It does state mutation operations exist and recommends user confirmation; that is appropriate but important to heed because operations can affect billing and live ad delivery.
Install Mechanism
ok: No install spec and no code files, which is the lowest-risk model for installation. Nothing is downloaded or written to disk by the skill itself.
Credentials
note: Only BAIZ_API_TOKEN is required and is declared in both SKILL.md and _meta.json. That token is appropriate for the described proxy service. However, the token grants authority over ad operations and spend via baiz.ai, so it is high-sensitivity; the SKILL.md's recommendation to use revocable/minimal-scope test tokens is important.
Persistence & Privilege
ok: always:false (not force-installed). The skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by platform default (disable-model-invocation is false by default); SKILL.md explicitly recommends disabling autonomous invocation for safety.