ClawHub

Meta Business Suite

Security checks across malware telemetry and agentic risk

Overview

This skill matches Meta Business automation, but it can post, comment, upload, and delete business social content using sensitive tokens without enough guardrails.

Install only if you are comfortable giving an agent access to operate a Meta business account. Prefer explicit META_PAGE_ACCESS_TOKEN, META_PAGE_ID, and IG_ID values over the token cache, use least-privilege tokens, verify the target Page, Instagram account, post, media, and file path before each action, and require manual approval for publish, comment, upload, schedule, and delete operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents delete operations for Facebook and Instagram content without an explicit warning that deletion is irreversible and may cause permanent data loss. In an automation context, users may copy/paste commands into scripts or agents, increasing the chance of accidental destructive actions at scale.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs reading long-lived access tokens from a local cache file containing sensitive credentials, but does not clearly warn about token exposure risks such as accidental disclosure via shell history, logs, backups, or overly broad file access. Because these tokens authorize posting, deletion, and account access, compromise could enable unauthorized actions against business social accounts.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal