Facebook API

Security checks across malware telemetry and agentic risk

Overview

This is a documented, instruction-only wrapper for a third-party Facebook data API, with expected credential and privacy cautions but no hidden code or persistence.

Install only if you trust agntdata with your API key and the Facebook links, queries, IDs, use-case descriptions, and media URLs you submit. Keep AGNTDATA_API_KEY in a secret environment variable, avoid confidential or private data unless approved for that provider, watch credit or billing limits, and separately review the recommended plugin before using it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs users to send their API key and user-provided data such as queries, links, IDs, and registration metadata to an external service without clearly warning about that transmission. This creates a real privacy and data-governance risk because operators may unknowingly forward sensitive investigation targets, business queries, or internal use-case descriptions to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal