← 返回 Skills 市场
bluerockerr

Ads Analyzer

作者 bluerockerr · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
793
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install meta-ads-analyser
功能描述
Analyze extracted Meta ad creatives and generate a professional strategy report. Use after /meta_ads_extractor to produce a clean, organized analysis documen...
安全使用建议
This skill appears to do what it says (analyze extracted Meta ad assets and build an HTML strategy report) and it's instruction-only (no installers), but there are a few practical and privacy-related issues to consider before installing or running it: - Telegram delivery ambiguity: SKILL.md tells the agent to 'Send via Telegram with caption' but the skill metadata lists no TELEGRAM_TOKEN, CHAT_ID, or delivery mechanism. Clarify how Telegram sending is implemented and where credentials would be provided; do not store tokens in plaintext. If you do not want reports sent off your machine, remove or disable the Telegram step. - Local tooling requirements: The instructions call out sips (macOS) and ffprobe. The skill metadata lists no required binaries — verify these tools exist on the host or adjust the workflow. Missing binaries could cause failures or show attempts to fallback to other commands. - Model access: The SKILL.md references a 'vision model' and 'Gemini' for analysis. Ensure you understand what model endpoints will be used and whether those calls send media off your machine (and whether your account/billing is used). If the agent will upload images/videos to external APIs, that can expose sensitive data. - Data exfiltration risk: The skill zips the extracted asset folder and instructs sending it externally. Review the assets for any PII or proprietary content before allowing transmission. Prefer manual review and manual transfer if you have concerns. - Operational practice: Run the skill in a controlled environment (isolated workspace or VM) the first time, and test with non-sensitive sample data. Ask the skill author (or verify code) how Telegram sending is implemented and where credentials are required; require explicit prompts before any external transmission. If the author can clarify how Telegram delivery is handled (where/when credentials are used), and list required binaries (ffprobe, sips or cross-platform alternatives), this would reduce the remaining concerns and raise confidence.
功能分析
Type: OpenClaw Skill Name: meta-ads-analyser Version: 1.0.0 The skill is classified as suspicious due to significant vulnerabilities, primarily shell injection and Cross-Site Scripting (XSS) risks. The `SKILL.md` explicitly instructs the agent to execute shell commands (`sips`, `ffprobe`, `zip`) using filenames derived from input. If these filenames are not properly sanitized, they could lead to shell injection. Additionally, the `templates/report-template.html` uses placeholders for user-controlled content (e.g., ad copy, landing page text) without explicit mention of HTML escaping, posing an XSS risk in the generated report for the recipient. While the stated purpose is benign, these vulnerabilities could be exploited by malicious input data.
能力评估
Purpose & Capability
Name/description align with the instructions: the SKILL.md describes analyzing media and landing screenshots and producing an HTML report using a provided template. However, the instructions call out specific system tools (sips, ffprobe) and external delivery (Telegram) that are not reflected in the skill metadata (no required binaries, no required env vars). Those omissions are a mismatch between what the skill asks the agent to do and what it declares it needs.
Instruction Scope
The runtime instructions require reading files from a user home output folder, running local media tooling (sips, ffprobe), invoking vision and Gemini models for media analysis, generating an HTML file, zipping the folder, and 'Send via Telegram with caption'. The Telegram-send step is a potential data-exfiltration action but the skill declares no mechanism or credential for it. The use of macOS-specific sips and ffprobe (often not present by default) is prescriptive yet the skill metadata lists no required binaries — this gap may cause failures or hidden attempts to route data elsewhere. Overall the scope is plausible for the stated purpose, but the unqualified send-via-Telegram step and undeclared tooling are notable concerns.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute. That minimizes install-time risk (nothing is downloaded or written by an installer).
Credentials
The skill requests no environment variables or credentials in metadata, yet runtime instructions explicitly require sending the zipped report via Telegram. Sending via Telegram normally requires a bot token or API credentials; the absence of any declared TELEGRAM_TOKEN/CHAT_ID or equivalent is an inconsistency. Also the SKILL.md asks to use 'vision model' and 'Gemini' — these imply model API or platform access which may require credentials or billing; again nothing is declared. No broad secrets are requested in metadata, but the mismatch means the agent/host will need a way to transmit data that isn't specified.
Persistence & Privilege
The skill does not request always: true and does not modify other skills; it is user-invocable only. It writes output to the assets folder (its own working area) which is appropriate for its purpose.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install meta-ads-analyser
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /meta-ads-analyser 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Meta Ads Analyser skill initial release: - Generates professional HTML strategy reports from Meta ad creative assets. - Analyzes videos and images for hooks, visuals, emotions, CTAs, and performance insights. - Maps ads to funnels based on destination landing pages. - Evaluates landing page screenshots for conversion strategy and flow. - Produces clean, mobile-friendly reports with embedded media, analysis badges, and actionable insights. - Designed for seamless workflow after asset extraction, delivering all analysis in a downloadable zip folder.
元数据
Slug meta-ads-analyser
版本 1.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Ads Analyzer 是什么?

Analyze extracted Meta ad creatives and generate a professional strategy report. Use after /meta_ads_extractor to produce a clean, organized analysis documen... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 793 次。

如何安装 Ads Analyzer?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install meta-ads-analyser」即可一键安装,无需额外配置。

Ads Analyzer 是免费的吗?

是的,Ads Analyzer 完全免费(开源免费),可自由下载、安装和使用。

Ads Analyzer 支持哪些平台?

Ads Analyzer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Ads Analyzer?

由 bluerockerr(@bluerockerr)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论