尤里改 Facebook Graph API Proxy Service Usage Guide

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Facebook Graph API proxy guide, but it gives very broad third-party access to Facebook API actions without enough scoping or safety controls.

Review carefully before installing. Use only Baiz and Facebook accounts you control, verify exactly which Facebook assets and permissions the token can reach, avoid sensitive uploads unless you trust baiz.ai’s handling of the data, and require explicit human approval before any write, delete, budget, campaign, account, or bulk operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs users to transparently proxy all Facebook Graph API traffic, including uploads and destructive methods, through a third-party domain while claiming full compatibility and automatic token injection. This creates significant privacy, integrity, and operational risk because sensitive data and high-impact actions are routed through an intermediary without documenting data handling, logging, authorization boundaries, or safety limitations.

VirusTotal

53/53 vendors flagged this skill as clean.
