Fb Page Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Facebook Page management purpose, but it gives an AI agent direct live posting, replying, scheduling, and post deletion power using a long-lived Facebook token without built-in confirmation safeguards.

Install only if you are comfortable granting the agent real Facebook Page authority. Use a test Page first when possible, protect the access token as a secret, prefer least-privilege and revocable credentials, and configure your MCP host to require explicit human approval before publishing, replying, scheduling, or deleting content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares access to sensitive environment variables and networked Facebook Graph API behavior, but does not declare corresponding permissions. This reduces transparency for users and policy enforcement systems, making it easier for the skill to access credentials and perform external actions without clear consent boundaries.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The server exposes a destructive delete_post tool, but the manifest reportedly omits that capability. This creates a security transparency and governance gap: users, orchestrators, or policy layers may approve or deploy the skill without realizing it can irreversibly delete Facebook Page content. In a social media publishing skill, hidden destructive functionality is more dangerous because it directly affects public-facing assets and brand reputation.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The code exposes a destructive capability (`delete_post`) that is not disclosed in the skill description, creating a scope mismatch between what users or policy systems expect and what the tool can actually do. Hidden destructive actions are dangerous because an agent, integrator, or reviewer may grant the skill access assuming it only publishes and manages content, while it can also permanently remove posts.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README advertises tools that can publish, schedule, reply, and delete live Facebook Page content, but it does not clearly warn users that these actions affect a real production page. In an agent-driven context, lack of explicit safety guidance increases the chance of unintended destructive or reputationally damaging actions caused by user misunderstanding or model misexecution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill supports immediate publication and irreversible deletion of public Facebook Page content, but the documentation does not prominently warn that actions can directly change externally visible content. In an agent context, this increases the risk of accidental or socially engineered publication that harms brand reputation or business operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill requests a long-lived Facebook Page access token but does not clearly warn that the token is highly sensitive and can grant broad control over Page content and engagement. In agent environments, undocumented credential sensitivity increases the chance of mishandling, logging, or unsafe reuse of the token.

Credential Access

High
Category
Privilege Escalation
Content
## Setup

1. Set `FB_PAGE_ID` to your Facebook Page's numeric ID.
2. Set `FB_ACCESS_TOKEN` to a non-expiring Page Access Token.
3. Run with `uv run src/server.py`.
Confidence
91% confidence
Finding
Access Token

VirusTotal

51/51 vendors flagged this skill as clean.
