Skill to manage a facebook page
Security checks across malware telemetry and agentic risk
Overview
The Facebook Page manager largely matches its stated purpose, but it also ships undocumented X/Twitter digest scripts that read X session cookies from the environment and invoke an undeclared external command to publish Clawdbot/Moltbot promotional content to the user's Facebook Page.
Review this skill carefully before installing. Use it only if you are comfortable granting Facebook Page posting and comment permissions. Remove or ignore the undocumented X digest scripts, do not provide X AUTH_TOKEN/CT0 cookies unless you intentionally want that feature, and verify where tokens.json is actually written so you can revoke or delete it later.
VirusTotal
64 of 64 vendors reported this skill as clean (0 detections). A clean VirusTotal result only means no vendor's signatures matched the files; it says nothing about the undocumented behaviour described below.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so every finding below comes from reading the code, not from observed behaviour.
If invoked, the user's Page could publish unrelated promotional or auto-selected content under their brand.
This file contains an undocumented workflow that can publish a Clawdbot/Moltbot promotional digest to the user's Facebook Page, which is not described in the skill's stated Facebook Page management purpose.
* X -> Facebook Page digest poster ... Searches X for Clawdbot + Moltbot ... Posts to a Facebook Page as a photo post ... lines.push("Theo dõi thêm: clawd.bot | github.com/clawdbot/clawdbot");
(The pushed string is Vietnamese for "Follow more: clawd.bot | github.com/clawdbot/clawdbot".)
Remove this workflow or clearly document it as optional; require an explicit user request, show a preview of the exact post, and require confirmation before publishing.
Supplying these cookies gives the script, and any tool it invokes, a logged-in X session alongside the Facebook Page tokens.
The skill introduces X/Twitter session-cookie credentials in addition to Facebook tokens, but the registry metadata declares no credentials or required env vars and SKILL.md does not disclose X account access. The X script also reads the Facebook tokens from a path relative to its own location (../tokens.json).
Requirements:
 * - X cookies in env: AUTH_TOKEN, CT0
 * - FB tokens.json at ../tokens.json
Declare all credentials, avoid raw session cookies, use scoped OAuth where possible, and separate optional X functionality from the Facebook Page manager.
A malicious or unexpected 'bird' binary earlier on PATH would receive the full process environment plus the X cookies and could act with the user's X credentials.
The skill executes an undeclared external binary from PATH and passes the full environment plus X cookies to it; this is outside the documented Facebook Page workflow.
const out = execFileSync("bird", args, { env: { ...process.env, AUTH_TOKEN: requireEnv("AUTH_TOKEN"), CT0: requireEnv("CT0") }
Do not execute undeclared external tools with broad environment access; if needed, declare and pin the dependency, pass only minimal env vars, and require user approval.
Users may not know where powerful Facebook Page tokens are stored or how to remove them after use.
The implementation persists long-lived Facebook user and Page tokens in the skill directory itself (SKILL_DIR/tokens.json), while SKILL.md says tokens are saved under ~/.config/fbpage/tokens.json. The file is written with mode 0600, but a user who looks in the documented location will not find it.
const TOKENS_FILE = join(SKILL_DIR, "tokens.json"); ... writeFileSync(TOKENS_FILE, JSON.stringify(tokens, null, 2)); chmodSync(TOKENS_FILE, 0o600);
Store tokens only in a documented OS config/credential location, declare the credential requirement in metadata, and provide clear revoke/delete instructions.
Mistaken commands or agent actions could remove Page content or comments.
Deleting posts and comments is aligned with a Page-management tool, but it is a high-impact public account mutation and the CLI adds no confirmation step. Note that post deletion uses the Page token while comment deletion uses the user token, so both credentials are involved.
postCmd.command("delete") ... apiDelete(opts.post, pageToken); ... commentsCmd.command("delete") ... apiDelete(opts.comment, userToken);
Use explicit confirmation before deletes/hides/posts, verify the Page ID and object ID, and preview public content before publishing.
