Facebook Page Manager 1.0.0

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The core Facebook Page manager is mostly coherent, but the package also includes undisclosed X/Twitter-to-Facebook posting scripts that use X session cookies and can publish promotional digest content to a Facebook Page.

Only install this if you are comfortable granting Facebook Page posting/moderation authority, and do not run the x_digest_* scripts or provide AUTH_TOKEN/CT0 unless you specifically want the undocumented X-to-Facebook digest workflow. Check where tokens.json is actually stored and protect or delete it when no longer needed.

Static analysis

Dangerous exec (Critical): Shell command execution detected (child_process).

Env credential access (Critical, reported 3 times): Environment variable access combined with network send.

Exposed secret literal (Critical): File appears to expose a hardcoded API secret or token.

Potential exfiltration (Warn, reported 4 times): Sensitive-looking file read is paired with a network send.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked, the digest script could publish unreviewed content to a public Facebook Page using the user's Page authority.

Why it was flagged

This script can publish a Facebook Page photo post using stored page tokens, but this X-to-Facebook digest workflow is not described in SKILL.md and has no built-in preview or confirmation step.

Skill content
result = await fbUploadPhoto(pageId, pageInfo.token, imgPath, caption);
Recommendation

Remove or clearly document this digest workflow, and require an explicit user preview and approval before any public post, deletion, hide, or reply action.

What this means

Installing or using the hidden digest scripts may require giving the skill access to an unrelated X account session in addition to Facebook Page privileges.

Why it was flagged

The script requires X/Twitter session-cookie values even though the skill metadata declares no credentials and SKILL.md only describes Facebook/Meta setup.

Skill content
AUTH_TOKEN: requireEnv("AUTH_TOKEN"),
CT0: requireEnv("CT0"),
Recommendation

Do not provide AUTH_TOKEN or CT0 to this skill unless you intentionally want X account access; the publisher should remove the X cookie dependency or declare and scope it clearly.

What this means

Facebook Page tokens may be kept somewhere other than where the user expects, increasing the chance they are backed up, copied, or left behind during cleanup.

Why it was flagged

The code stores long-lived user/page tokens in the skill directory, while SKILL.md says tokens are saved to ~/.config/fbpage/tokens.json.

Skill content
const TOKENS_FILE = join(SKILL_DIR, "tokens.json");
Recommendation

Store tokens in the documented user config path or update the documentation and metadata; users should inspect and protect the actual tokens.json file.

What this means

A different or malicious 'bird' binary on the user's PATH could run with the user's environment, including X session-cookie variables.

Why it was flagged

The script depends on an external 'bird' executable that is not declared in the registry requirements or package dependencies.

Skill content
const out = execFileSync("bird", args, {
Recommendation

Declare the binary requirement with provenance and installation instructions, or avoid invoking undeclared external executables.

What this means

Running the hidden workflow can execute local code outside the reviewed npm package and pass sensitive environment variables to it.

Why it was flagged

The included script executes an external command for X searches, which is unrelated to the documented Facebook Page management commands.

Skill content
execFileSync(
    "bird",
    ["search", query, "-n", String(count), "--json", "--plain"],
Recommendation

Avoid running x_digest_collect.js or x_digest_to_fb.js unless you have verified the external 'bird' command and intentionally want this workflow.

What this means

Misleading, unwanted, or inappropriate X content could be republished to a Facebook Page if the digest script is run.

Why it was flagged

The script pulls content from X search results and later builds a Facebook caption from those tweets, creating a cross-platform propagation path for untrusted social content.

Skill content
const tweets = [
  ...birdSearchJson(q1, 12),
  ...birdSearchJson(q2, 12),
];
Recommendation

Require human review of the selected tweets, image, and generated caption before posting to Facebook.

What this means

A user could unknowingly publish promotional content that was not part of their intended Facebook Page management task.

Why it was flagged

The hidden digest script adds promotional Clawdbot links to Facebook posts, while the skill is presented as a generic Facebook Page manager.

Skill content
lines.push("Theo dõi thêm: clawd.bot | github.com/clawdbot/clawdbot");
Recommendation

Disclose promotional posting behavior prominently or remove it from the skill package.