google-ads-mcp

SUSPICIOUS: the skill is purpose-aligned for Google Ads MCP access, but it requires high-value ad account credentials and installs mutable third-party code from GitHub rather than an official registry release. Data flow appears consistent with Google Ads usage, so this is not confirmed malware, but it carries meaningful supply-chain and credential-forwarding risk plus real-world write capability.