Skill to manage a Facebook page

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)

Findings (9)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run, the skill could use unrelated X session credentials together with your Facebook Page token, giving the script authority beyond the advertised Facebook Page management use case.

Why it was flagged

This script expects X/Twitter session cookies and Facebook page tokens for a digest feature that is not part of the declared Facebook Page manager setup.

Skill content
 * Requirements:
 * - X cookies in env: AUTH_TOKEN, CT0
 * - FB tokens.json at ../tokens.json
Recommendation

Do not provide AUTH_TOKEN or CT0 unless you explicitly want this X digest feature; remove or isolate these scripts and declare the required credentials if the feature is intentional.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

Running this script could expose environment credentials to an undeclared local tool and make behavior depend on whatever 'bird' executable is on the user's PATH.

Why it was flagged

The script runs a PATH-resolved external binary and passes it the environment, including X cookies; this binary is not declared in the skill requirements and is outside the stated Facebook-only purpose.

Skill content
const out = execFileSync("bird", args, {
  env: {
    ...process.env,
    AUTH_TOKEN: requireEnv("AUTH_TOKEN"),
    CT0: requireEnv("CT0"),
  },
});
Recommendation

Remove this execution path or clearly declare, pin, and verify the external tool; avoid passing the full environment to child processes.

Concern (High Confidence)
ASI08: Cascading Failures
What this means

If invoked, your Page could publish unwanted or promotional digest content selected from X rather than content you explicitly wrote or approved.

Why it was flagged

The included script automatically turns external X content into a Facebook Page post, which can propagate unreviewed third-party content to a public Page.

Skill content
 * Searches X for Clawdbot + Moltbot
 * - Picks 1 tweet with an image (photo)
 * - Posts to a Facebook Page as a photo post with caption + links
Recommendation

Require an explicit preview and approval before posting any externally sourced digest, and remove hard-coded promotional topics if they are not central to the skill.

What this means

A mistaken command could publish, hide, or delete public Page content.

Why it was flagged

The core CLI can create/delete posts and hide/delete comments on a Facebook Page; this is aligned with the purpose but is high-impact public content moderation authority.

Skill content
.command("create")
  .description("Create a new post")
...
.command("delete")
  .description("Delete a post")
...
.command("hide")
...
.command("delete")
Recommendation

Review the exact Page ID, post/comment ID, and message before allowing the agent to run mutating commands.

What this means

Anyone who obtains the token file could potentially act on the connected Facebook Pages until tokens are revoked.

Why it was flagged

The skill stores long-lived Facebook user/page tokens locally with restricted permissions; this is expected for the integration but grants ongoing Page authority.

Skill content
const TOKENS_FILE = join(SKILL_DIR, "tokens.json");
...
writeFileSync(TOKENS_FILE, JSON.stringify(tokens, null, 2));
chmodSync(TOKENS_FILE, 0o600);
Recommendation

Keep the skill directory private, avoid syncing tokens.json to shared storage, and revoke tokens from Meta if you stop using the skill.

Findings (9)

critical: suspicious.dangerous_exec
  Location: scripts/x_digest_collect.js:20
  Finding: Shell command execution detected (child_process).

critical: suspicious.env_credential_access
  Location: scripts/auth.js:32
  Finding: Environment variable access combined with network send.

critical: suspicious.env_credential_access
  Location: scripts/x_digest_collect.js:14
  Finding: Environment variable access combined with network send.

critical: suspicious.env_credential_access
  Location: scripts/x_digest_to_fb.js:27
  Finding: Environment variable access combined with network send.

critical: suspicious.exposed_secret_literal
  Location: scripts/auth.js:69
  Finding: File appears to expose a hardcoded API secret or token.

warn: suspicious.potential_exfiltration
  Location: scripts/auth.js:53
  Finding: Sensitive-looking file read is paired with a network send.

warn: suspicious.potential_exfiltration
  Location: scripts/cli.js:31
  Finding: Sensitive-looking file read is paired with a network send.

warn: suspicious.potential_exfiltration
  Location: scripts/fb_post.js:66
  Finding: Sensitive-looking file read is paired with a network send.

warn: suspicious.potential_exfiltration
  Location: scripts/x_digest_to_fb.js:36
  Finding: Sensitive-looking file read is paired with a network send.