ClawHub

Facebook Page Manager

v1.0.1

Quản lý và đăng nội dung tự động lên Facebook Fanpage qua Graph API. Hỗ trợ đầy đủ: post text/ảnh, carousel (nhiều ảnh), video, Reels, Story (ảnh/video), hẹn...

0· 78·0 current·0 all-time
byMCB AI@mcbaivn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the code and docs: the script and references implement posting text/photo/video/carousel/story, scheduled posts, and comment management via Facebook Graph API v19.0. The required operations (upload files, call facebook.com endpoints) are expected for this purpose.
Instruction Scope
SKILL.md and the script instruct the user to create a local fb_config.json or set FB_ACCESS_TOKEN/FB_PAGE_ID env vars and to upload local media files. That scope is appropriate, but SKILL.md does not enumerate the optional env vars the code will read (FB_ACCESS_TOKEN, FB_PAGE_ID). The instructions also recommend creating long-lived (never-expiring) Page tokens — a security decision the user should consider carefully.
Install Mechanism
This is an instruction-only skill with a small Python script and no automated install spec; SKILL.md suggests installing the single dependency 'requests' via pip. No remote downloads or archives are performed by the skill itself.
!
Credentials
The skill requires a Facebook Page Access Token (sensitive credential) and Page ID. The registry metadata declares no required credentials/primaryEnv, but the code will read FB_ACCESS_TOKEN and FB_PAGE_ID or a local fb_config.json — this mismatch should be documented. The references encourage obtaining a long-lived/never-expiring Page token, which increases risk if that token is leaked or committed. Ensure tokens are stored securely and not shared or committed.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system settings. It runs as a CLI-style script invoked by the agent; autonomous invocation is allowed (platform default), which means an agent could call it without further prompts — normal for skills but worth noting when granting token access.
Assessment
This skill implements exactly what it says: it posts and manages Facebook Page content via Graph API. Before installing: (1) Understand it needs a Page Access Token and Page ID — store these securely (prefer env vars or a protected config file) and add the config file to .gitignore as recommended. (2) Avoid using a never-expiring token if you can; prefer short-lived tokens exchanged for long-lived tokens only when necessary and rotate/revoke tokens if compromised. (3) Confirm you trust the skill owner and review the included fb_post.py (it only calls facebook.com endpoints and opens files you supply). (4) Be aware autonomous agent invocation is enabled by default — an agent with access to your token could post or upload files without additional prompts. If you have strict security requirements, run the script locally with tokens you control rather than granting broad agent access.

Like a lobster shell, security has layers — review code before you run it.

latestvk979axza2rq66zzj3x3dhk3de184cwqe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments