Facebook Get Profile Posts API

Security checks across malware telemetry and agentic risk

Overview

This is a focused API wrapper for fetching public Facebook profile posts through JustOneAPI, with the main caution that the API token is sent in the request URL.

Install only if you trust JustOneAPI with your API token and Facebook profile lookups. Keep JUST_ONE_API_TOKEN private, avoid sharing logs or error output that may include full request URLs, and rotate the token if you suspect it was exposed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The operation requires a sensitive authentication token to be sent as a query parameter, and the manifest provides no user-facing warning about handling or exposing that secret. Query-string tokens are commonly logged by clients, proxies, and servers, increasing the chance of credential leakage and unauthorized API use.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The documentation instructs users to supply a security token in a query parameter but provides no warning about secure handling, storage, or transmission of that credential. Query parameters are commonly exposed in logs, browser history, analytics, proxies, and referrer data, so documenting token usage this way without caution increases the risk of credential leakage and unauthorized API access.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal