Manage Meta (Facebook) Ads campaigns, ad sets, ads, creatives, and access performance metrics via full read/write API integration.
Security Analysis
Medium confidence: The skill's instructions are a coherent Meta Ads integration, but the package metadata omits the credentials the runtime explicitly requires and it allows model-initiated write operations without safeguards — this mismatch and the ability to perform destructive actions make the bundle suspicious.
SKILL.md describes a full read/write Meta (Facebook) Ads API integration (listing, creating, updating, deleting campaigns/adsets/ads) which matches the skill name. However the registry metadata does not declare the environment variables the instructions require (META_ACCESS_TOKEN, META_AD_ACCOUNT_ID), which is an inconsistency between declared requirements and actual runtime needs.
The instructions contain numerous curl examples that perform read and destructive write operations (create/update/delete). They only reference META_ACCESS_TOKEN and META_AD_ACCOUNT_ID (appropriate for the purpose), and do not attempt to read unrelated system files. The concern is that the SKILL.md tells the agent to perform high‑privilege actions but does not appear to require or advertise those credentials in the skill manifest, creating a surface for accidental or unexpected use.
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer — lower install risk.
The SKILL.md requires an access token and an ad account ID (expected for Meta Ads). But the skill registry lists no required env vars or primary credential. That mismatch is concerning because consumers won't be warned about the token requirement up front. Also the documentation recommends using long‑lived/system user tokens (no expiry), which are high‑privilege and increase risk if mishandled; least-privilege and short-lived tokens are preferable.
The skill leaves model invocation enabled (disableModelInvocation not set) while allowing write/delete actions against an ad account. There is no 'always' flag, but the agent could autonomously invoke this write-capable skill if permitted — a risky configuration for operations that can spend money or delete resources.
Guidance
This skill contains clear curl examples for full read/write Meta Ads management and expects META_ACCESS_TOKEN and META_AD_ACCOUNT_ID, but the package metadata does not declare those required environment variables — that's a red flag. Before installing: (1) verify the author and repository/homepage (none provided here); (2) do not supply a permanent/highly privileged token until you trust the source — prefer a short‑lived user token or a token with minimal scopes; (3) prefer using Authorization headers (not access_token in URLs) to avoid token leakage; (4) restrict the token scopes to only what you need (ads_read vs ads_management); (5) consider requiring explicit user invocation or disabling autonomous model invocation for a write-capable skill; and (6) if you still want to use it, update the skill manifest to explicitly declare the required env vars so you understand what will be provided. The absence of regex scan findings does not imply safety — the main issue is the metadata/instruction mismatch and write-capable behavior.
Latest Release
v1.0.0
Initial release of Meta Ads API skill.
- Full read/write integration with Meta (Facebook) Ads API.
- Manage ad accounts, campaigns, ad sets, ads, and ad creatives.
- Access detailed performance insights and metrics for accounts and campaigns.
- Provides clear setup instructions, required permissions, and authentication steps.
- Includes ready-to-use API request examples for all major ad management actions.
Published by @zachgodsell93 on ClawHub