launch-ad-campaign

SUSPICIOUS: The skill’s purpose and core capabilities largely align, but it authorizes autonomous real-world spend actions and depends on MCP servers with uneven provenance. Google’s MCP path has same-org evidence, while LinkedIn/Meta/TikTok appear to rely on third-party servers, making credential forwarding and campaign-data routing materially risky. Not confirmed malware, but high operational/security risk unless restricted to verified official MCP implementations and reviewed local scripts.