Security audit

Facebook Groups Scrape Posts

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it uses a logged-in Facebook browser session to bulk collect group post data, so it should be reviewed before installation.

Install only if you understand that it will act through your logged-in Facebook browser session and may export personal information from group posts visible to your account. Use small counts, avoid scraping private or sensitive groups without permission, and review the generated output before sharing or storing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly performs networked scraping against Facebook and GraphQL endpoints, yet no declared permissions are shown. Hidden or undeclared network capability reduces transparency and weakens policy enforcement, making it easier for a caller or platform to invoke data collection behavior without an explicit trust decision.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to read from and append to a local memory file that is not necessary for the core task of scraping posts. This creates an unnecessary side channel for cross-task data persistence, increasing the risk of leaking prior execution context or contaminating future runs with data unrelated to the user's current request.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill is designed to collect identifiable Facebook user data, including author names, profile URLs, post text, timestamps, and direct media links, but the description does not clearly warn users that personal data will be harvested and returned. This weakens informed consent and increases the chance of accidental privacy-invasive use, especially because the skill automates bulk extraction from authenticated sessions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script emits JavaScript that reads Facebook anti-CSRF/session-related tokens from the logged-in page context and uses them to make authenticated GraphQL requests against the current user's account. In a scraping skill whose purpose is to harvest Facebook group posts, this behavior is functional rather than inherently covert, but it is still risky because it performs privileged requests on behalf of the user without explicit disclosure, consent prompts, or scope checks, which can surprise users and violate platform expectations or policy.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.