Security audit

fboc

Security checks across malware telemetry and agentic risk

Overview

This Facebook Page management skill mostly matches its stated purpose, but it handles powerful page credentials and live posting actions too loosely for automatic trust.

Install only after reviewing the code and using a non-production Facebook Page first. Treat the token as a powerful credential, avoid running setup with a real token in shared shells, rotate any token used with this package, and do not run the test command unless you accept that it may create a live post.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (24)

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The command is documented as showing configuration and the implementation also reveals a portion of the stored Facebook access token. Even partial credential disclosure is risky because CLI output may be captured in terminal logs, screenshots, shell history tooling, CI logs, or shared support sessions, exposing sensitive authentication material unnecessarily.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The file-level documentation states the command hides or unpublishes a post, but the code first issues a DELETE request against the post. This mismatch can cause operators or downstream agents to perform a more destructive action than intended, creating a safety issue through deceptive or inaccurate behavior.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The inline comments and control flow describe hiding as a fallback step, while earlier documentation presents hiding as the primary behavior. This inconsistency increases the chance of misuse, especially in an agent skill where callers may rely on comments or docs to determine whether an action is reversible or destructive.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The command is presented as a connection/permissions test, but it performs a real write to the Facebook Page and then attempts to delete it. This creates unintended side effects on an external account, and if deletion fails the page may be left with an unexpected public post, which is risky for production or customer-facing pages.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The function reads a Facebook page access token from local configuration but never includes it in the outbound Graph API request. As written, the command cannot authenticate properly, so the documented security-sensitive action does not work as intended and may mislead users into believing posting occurs securely when authentication is actually omitted.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill advertises scheduled posting, but the Facebook request body only includes `scheduled_publish_time` and omits the flags typically required to keep the post unpublished until that time. This can cause the post to be published immediately instead of later, creating integrity and operational risk because users may disclose content earlier than intended.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
This package presents itself as a CLI tool, but it also runs a postinstall script automatically during installation. Automatic install-time execution is risky because it causes code to run before a user explicitly invokes the CLI, and on Windows it launches PowerShell with ExecutionPolicy Bypass, which weakens a common safety control and increases the chance of unexpected system modification.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code reads a persisted access token and displays part of it to stdout without warning or masking sufficient to prevent disclosure. In this skill context, the token is a live Facebook Page credential, so exposing it in normal command output increases the chance of credential leakage through logs, recordings, or shoulder-surfing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code places the Facebook access token directly in the request URL query string when calling the Graph API. Even over HTTPS, query-string credentials are more likely to be exposed through logs, debugging output, proxy infrastructure, crash reports, browser/history equivalents in tooling, or monitoring systems, increasing the chance of token disclosure and account compromise.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The command persists a Facebook Page access token to disk in plaintext JSON without any explicit warning, permission-hardening, or secure storage mechanism. This is dangerous because anyone with local access to the workspace, backup systems, logs, or synced home directories could recover the token and use it to post to or manage the Facebook Page.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code performs a live POST and DELETE against Facebook immediately, with no upfront warning, consent, or dry-run default. Users may reasonably expect a non-destructive connectivity test, so this can cause unauthorized or surprising modifications to an external service and may leak operational activity to followers if cleanup fails.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code places the Facebook access token directly in the request URL query string when calling the Graph API. Even over HTTPS, query parameters are more likely to be exposed through logs, error messages, monitoring systems, browser/history tooling, proxy infrastructure, or accidental console/debug output, which increases the chance of credential leakage and subsequent unauthorized page access.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code places the Facebook access token directly in the URL query string for GET requests. Query-string credentials are commonly exposed via logs, proxy histories, browser/debug tooling, error messages, and telemetry, so this increases the chance of token disclosure even though the transport uses HTTPS.

Missing User Warnings

High
Confidence
98% confidence
Finding
The code logs the full request path and request body for every Facebook API call. Because the access token is appended into the URL query string, these debug statements can expose live user or page access tokens to terminal output, logs, CI systems, or support transcripts, enabling unauthorized API use and account/page abuse.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code stores a Facebook Page access token in plaintext JSON under the user's home directory without any warning, encryption, or permission hardening. If the local machine is shared, compromised, backed up insecurely, or the file is read by other local processes, the token can be stolen and used to post to or otherwise access the configured Facebook Page.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The setup command instructs users to pass the access token as a CLI argument, which commonly exposes secrets through shell history, process listings, audit logs, and terminal recordings. That creates an unnecessary credential disclosure path before the token is even written to disk, increasing the chance of account or page compromise.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The setup command requires a Facebook access token as a positional CLI argument, which can expose the secret through shell history, terminal logging, audit trails, and process listings visible to other local users. In this skill’s context, the token grants page-posting capabilities, so accidental disclosure can lead to unauthorized posting, deletion, or scheduling activity on the connected Facebook Page.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to create Facebook posts and comments against live Pages without clearly warning that these commands will publish real content to an external service. In an agent/skill context, this increases the chance of accidental spam, reputational damage, or unintended actions on production social media assets.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README recommends storing Facebook access tokens in a local config file and PowerShell profile, which can persist secrets on disk and in shell startup files. Although it says not to commit real secrets, it does not adequately warn about profile persistence, local exposure, or safer secret-handling practices in shared or automated environments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The examples include a token-like value (`EAABwzLixnjYBO...`) that resembles a real Facebook access token, but the text does not clearly label it as a fake placeholder. Users may copy, reuse, or mishandle it as if it were real, normalizing secret exposure and increasing the risk of credential leakage in documentation and logs.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The delete comment command is a destructive action, but unlike post deletion, it is not accompanied by a clear warning that deletion is permanent. This can lead to accidental destructive use, especially in an automation or agent-driven context where commands may be executed without careful human review.

Credential Access

High
Category
Privilege Escalation
Content
console.log('🔄 Fetching Page Access Token...');

  try {
    // Step 1: Get Page Access Token using User Token
    const pageTokenResponse = await makeHttpsRequest(
      'GET',
      `/${page_id}?fields=access_token&access_token=${userToken}`,
Confidence
94% confidence
Finding
Access Token

Credential Access

High
Category
Privilege Escalation
Content
console.log('Configuration:');
    console.log(`  Page ID: ${pageId}`);
    console.log(`  Access Token: ${accessToken.substring(0, 15)}...${accessToken.substring(accessToken.length - 5)}`);
    console.log(`  Page Name: ${pageName || '(will fetch from API)'}`);
    console.log('');
Confidence
91% confidence
Finding
Access Token

Credential Access

High
Category
Privilege Escalation
Content
"description": "Configuration file containing page_id, access_token, and page_name"
  },
  "security_notes": [
    "Never share your access token",
    "Page tokens last 60 days",
    "Regenerate if compromised",
    "Use Page tokens, not User tokens"
Confidence
89% confidence
Finding
access token

VirusTotal

65/65 vendors flagged this skill as clean.
