ClawHub

Facebook Messenger

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal Facebook Messenger integration, but it also documents a broad raw web-request mode that can target full URLs outside Messenger without clear limits.

Install only if you trust Membrane and are comfortable giving an agent authenticated Messenger access. Prefer listed Membrane actions, review any command that uses POST/PATCH/DELETE, custom headers, request bodies, or stored credentials, and avoid full-URL proxy requests unless you explicitly intend that destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is presented as a Facebook Messenger integration, but its documented proxy mode permits raw requests and even full-URL requests outside the stated Messenger scope. That creates a scope mismatch where an agent may reasonably treat the skill as narrowly scoped while actually gaining a generalized authenticated HTTP capability, increasing the risk of SSRF-like behavior, policy bypass, or unintended data exfiltration via the Membrane proxy.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Allowing a full URL means the skill can direct requests to arbitrary destinations, which is unrelated to the stated purpose of interacting with Facebook Messenger data. In an agent setting, this effectively expands the skill into a generic network primitive that can be abused to reach unintended services, potentially carrying privileged authentication context or bypassing normal tool restrictions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The proxy guidance emphasizes convenience and automatic authentication but omits a warning that full-URL requests may send authenticated traffic to arbitrary endpoints. This missing security qualifier makes misuse more likely by encouraging operators or agents to treat proxy requests as harmless Messenger API calls when they may actually target unrelated destinations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal