Skill to manage a facebook page

Suspicious
Audited by ClawScan on May 10, 2026.

Overview

The Facebook Page manager is mostly purpose-aligned, but it also includes undeclared X/Twitter digest scripts that use session cookies, run an external tool, and can post hard-coded Clawdbot/Moltbot content to a Facebook Page.

Only install this if you trust the code with your Facebook Page. Before use, remove or ignore the X digest scripts unless you explicitly want them, do not provide AUTH_TOKEN/CT0, and manually confirm any post/delete/hide action. Store tokens.json securely and verify the npm dependencies and any external tools before running scripts.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run, the skill could use unrelated X session credentials together with your Facebook Page token, giving the script authority beyond the advertised Facebook Page management use case.

Why it was flagged

This script expects X/Twitter session cookies and Facebook page tokens for a digest feature that is not part of the declared Facebook Page manager setup.

Skill content
 * Requirements:
 * - X cookies in env: AUTH_TOKEN, CT0
 * - FB tokens.json at ../tokens.json
Recommendation

Do not provide AUTH_TOKEN or CT0 unless you explicitly want this X digest feature; remove or isolate these scripts and declare the required credentials if the feature is intentional.

Concern: High Confidence
ASI05: Unexpected Code Execution
What this means

Running this script could expose environment credentials to an undeclared local tool and make behavior depend on whatever 'bird' executable is on the user's PATH.

Why it was flagged

The script runs a PATH-resolved external binary and passes it the environment, including X cookies; this binary is not declared in the skill requirements and is outside the stated Facebook-only purpose.

Skill content
const out = execFileSync("bird", args, {
    env: {
      ...process.env,
      AUTH_TOKEN: requireEnv("AUTH_TOKEN"),
      CT0: requireEnv("CT0"),
Recommendation

Remove this execution path or clearly declare, pin, and verify the external tool; avoid passing the full environment to child processes.

Concern: High Confidence
ASI08: Cascading Failures
What this means

If invoked, your Page could publish unwanted or promotional digest content selected from X rather than content you explicitly wrote or approved.

Why it was flagged

The included script automatically turns external X content into a Facebook Page post, which can propagate unreviewed third-party content to a public Page.

Skill content
 * Searches X for Clawdbot + Moltbot
 * - Picks 1 tweet with an image (photo)
 * - Posts to a Facebook Page as a photo post with caption + links
Recommendation

Require an explicit preview and approval before posting any externally sourced digest, and remove hard-coded promotional topics if they are not central to the skill.

What this means

A mistaken command could publish, hide, or delete public Page content.

Why it was flagged

The core CLI can create/delete posts and hide/delete comments on a Facebook Page; this is aligned with the purpose but is high-impact public content moderation authority.

Skill content
.command("create")
  .description("Create a new post")
...
.command("delete")
  .description("Delete a post")
...
.command("hide")
...
.command("delete")
Recommendation

Review the exact Page ID, post/comment ID, and message before allowing the agent to run mutating commands.

What this means

Anyone who obtains the token file could potentially act on the connected Facebook Pages until tokens are revoked.

Why it was flagged

The skill stores long-lived Facebook user/page tokens locally with restricted permissions; this is expected for the integration but grants ongoing Page authority.

Skill content
const TOKENS_FILE = join(SKILL_DIR, "tokens.json");
...
writeFileSync(TOKENS_FILE, JSON.stringify(tokens, null, 2));
chmodSync(TOKENS_FILE, 0o600);
Recommendation

Keep the skill directory private, avoid syncing tokens.json to shared storage, and revoke tokens from Meta if you stop using the skill.