Facebook Group Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it stores a long-lived Facebook session and can copy private group feed screenshots into an agent workspace and vision-model workflow.

Install only if you are comfortable with an agent reusing a local Facebook login session and processing group content. Use it only for groups you are authorized to monitor; protect scripts/.browser-data/ like a password, or delete it; prefer --no-shots when images are not needed; avoid broad cron prompts; and keep screenshot directories out of shared workspaces, backups, and commits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly instructs the agent to read and write local files such as persistent browser session data, seen-post tracking, and screenshots, but it does not declare those capabilities as permissions. This creates a transparency and governance gap: users and the platform may not realize the skill persists authentication material and scraped content on disk, increasing the risk of unintended data exposure or misuse.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are broad enough to match ordinary user requests like checking Facebook or marketplace activity, which can cause the skill to activate unexpectedly. In this skill's context, accidental activation is more sensitive because it can launch browser automation, use a persistent logged-in Facebook session, scrape private or semi-private group content, and save screenshots locally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill stores a persistent Facebook login session locally in scripts/.browser-data/, but the description does not present this as a clear user-facing warning. Persistent authenticated session storage is sensitive because anyone with local access or later tool access may be able to reuse the session, potentially gaining ongoing access to the user's Facebook account and group data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow explicitly sends scraped Facebook screenshots and extracted post context to an external vision-capable model, but this data transfer is not clearly disclosed as a user-facing warning. This is dangerous because group content may contain personal data, private discussions, photos, or marketplace information that users may not expect to be transmitted to a third-party model provider for processing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The setup guide explicitly states that an authenticated Facebook session is stored in `scripts/.browser-data/` and may remain valid for weeks to months, but it does not warn about the sensitivity of that data or the need to protect, rotate, or avoid sharing it. Persistent browser profiles commonly contain cookies, local storage, and session artifacts that can allow account hijacking if copied or exposed, which is especially relevant for a skill built around automated authenticated scraping.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This skill automates scraping Facebook group content and captures stitched screenshots of the feed, which can contain personal data, private group discussions, names, profile details, and images. The script stores session state and screenshots locally without any explicit consent flow, privacy warning, redaction, or guardrails restricting use to authorized/public groups, creating a real risk of unauthorized collection and retention of sensitive data.

VirusTotal

65/65 vendors flagged this skill as clean.
