Facebook

Security checks across malware telemetry and agentic risk

Overview

This documentation-only Facebook skill is aligned with Page management, but users should treat comment deletion guidance carefully because it affects public content.

Install only if you intend to let an agent help with Facebook Page management. Use least-privilege Page tokens, keep app secrets out of logs, and require explicit confirmation before deleting comments or making other public moderation changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill documents destructive deletion of comments without any warning, confirmation, or recommendation to prefer reversible moderation actions first. In an agent context, that omission can lead to accidental or overly broad deletion of user content, causing integrity and moderation-governance issues.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal