Back to skill

Security audit

Meta Ads

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate Meta Ads API reference, but it gives an agent high-impact ad account control without enough safety guidance.

Install only if you want an agent to manage a real Meta Ads account. Use a dedicated least-privilege token scoped to the intended account, avoid putting tokens or app secrets in prompts, logs, URLs, or source files, set spend limits in Meta Business Manager, and require explicit approval before activation, budget changes, creation, updates, or deletes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents destructive write operations such as deleting campaigns, ad sets, and ads, but does not prominently warn that these actions can immediately affect live advertising, spend, delivery, and account state. In an agent skill context, exposing such operations without explicit confirmation and impact warnings increases the risk of accidental or unauthorized account-impacting changes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to supply a Meta access token and describes authentication patterns, but does not include clear guidance that these credentials are sensitive secrets that must not be logged, echoed, embedded in URLs, or shared with untrusted systems. In practice, mishandling these tokens could grant attackers read/write access to ad accounts and related performance data.

Credential Access

High
Category
Privilege Escalation
Content
## Token Management

### Extending User Access Tokens

Short-lived user tokens (~2 hours) can be exchanged for long-lived tokens (60-90 days):
Confidence
86% confidence
Finding
Access Tokens

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.