Keyapi Facebook Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a KeyAPI-backed public Facebook analysis skill with some local credential and cache persistence users should manage, but no artifact evidence of hidden, destructive, or deceptive behavior.

Install only if you trust KeyAPI with the Facebook URLs, IDs, and query parameters you submit. Prefer setting KEYAPI_TOKEN through your shell or secrets manager, avoid committing .env, keep KEYAPI_SERVER_URL unset unless you trust the endpoint, use --platform facebook and documented tools, and clear .keyapi-cache when you no longer want results stored locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

High (97% confidence)
Finding
The script is presented as a Facebook-analysis skill, but it accepts arbitrary platforms and arbitrary MCP tool names, making its actual authority far broader than the manifest suggests. This scope mismatch can mislead users and orchestrators into granting or invoking capabilities outside the expected Facebook-only context, increasing the chance of unauthorized data access or unintended external actions.

Description-Behavior Mismatch

Medium (88% confidence)
Finding
The runner automatically invokes an additional tool, batch_download_cover_images, that is outside the stated Facebook-analysis purpose and performs extra network/proxy behavior on discovered URLs. Hidden secondary tool execution expands the effective capability surface and can cause data to be sent to external services without the caller clearly opting in.

Missing User Warnings

Medium (91% confidence)
Finding
The skill directs users to cache Facebook API responses locally under .keyapi-cache without warning that the files may contain profile, group, event, or analysis data that remains on disk after execution. This can expose collected public-but-sensitive intelligence to other local users, backups, logs, or later unintended reuse, especially on shared systems.

Missing User Warnings

Medium (95% confidence)
Finding
When KEYAPI_TOKEN is missing, the script interactively prompts for it and immediately persists it to .env without a prominent advance warning or explicit consent step for storage. Persisting credentials by default can expose secrets to other local users, accidental commits, backups, or workspace-sharing scenarios.

Missing User Warnings

Medium (93% confidence)
Finding
The script caches full API responses to disk by default, which may include personal data, identifiers, or other sensitive third-party content retrieved from the service. Silent local persistence increases privacy and data-retention risk, especially in shared environments or when users believe the tool is performing transient analysis only.

VirusTotal

65/65 vendors flagged this skill as clean.
