Meta Business CLI
Warn
Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate Meta business automation skill, but it can send, publish, delete, and forward account content using stored Meta credentials without clearly documented approval or scope limits.
Install only if you intend to let the agent operate Meta business accounts. Use least-privilege tokens, protect ~/.meta-cli/config.json, configure WhatsApp allowlists, and require explicit confirmation before any message send, public post, deletion, moderation, or webhook-forwarding change.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly or by mistake, the agent could send messages, publish posts, or delete/moderate content on connected Meta accounts.
The skill documents commands that can send business messages, publish public social content, and delete/moderate comments, but the visible instructions do not require explicit user approval, destination checks, or rollback before these high-impact actions.
meta wa send "+1234567890" --text "Hello" --json ... meta ig publish --image "https://example.com/photo.jpg" --caption "My post" --json ... meta ig comments delete COMMENT_ID --json
Only use this skill with explicit per-action approval for sends, posts, deletes, and moderation; configure recipient allowlists where possible.
A compromised or misused local token/config could allow actions on WhatsApp, Instagram, Facebook Pages, or Messenger assets tied to the account.
The skill instructs users to provide Meta app secrets, access tokens, and OAuth scopes for business account operations, with credentials stored locally. This credential authority is central to the skill but broad and not reflected in the registry credential declarations.
meta config set app.secret YOUR_APP_SECRET ... meta auth login --token YOUR_ACCESS_TOKEN ... meta auth login --scopes "whatsapp_business_messaging,instagram_basic,pages_show_list" ... Config stored at `~/.meta-cli/config.json`.
Use least-privilege tokens and scopes, keep the config file protected, rotate tokens if exposed, and avoid granting access to production accounts unless needed.
Inbound customer or user messages could be sent to an external endpoint if the forwarding URL is configured incorrectly or too broadly.
The skill can configure forwarding of inbound messages to a URL, which is a sensitive data flow. The visible artifact does not describe authentication, allowed destinations, or what message data is forwarded.
meta config set webhook.forwardUrl URL # Forward inbound messages to URL
Forward only to trusted HTTPS endpoints you control, document what data is sent, and avoid forwarding private conversations unless users have consented.
Users depend on the external package or repository contents at install time, which were not reviewed here.
The skill documents installing a global CLI package or cloning/building from a GitHub repository, while no code or lockfile is included in the reviewed artifact set.
command: "bun install -g meta-business-cli" ... command: "git clone https://github.com/adolago/meta-cli.git && cd meta-cli && bun install && bun build --compile --outfile ~/.bun/bin/meta src/index.ts"
Install from a trusted source, inspect the repository/package, prefer pinned versions or commits, and avoid running the build path in sensitive environments without review.
