Facebook Fanpage Inbox for Meta Business Suite

Security checks across malware telemetry and agentic risk

Overview

This skill's behaviour is mostly consistent with its stated purpose (Facebook inbox automation), but it gives an agent broad control over a logged-in Meta Business inbox and can write customer content to the local filesystem.

Install only if you are comfortable letting the agent operate a logged-in Meta Business inbox. Where possible, use a dedicated low-privilege Meta account. Review every reply, label change and note change before it is submitted. Avoid saving conversation URLs unless they are needed. Treat images downloaded to ~/Downloads as sensitive, untrusted customer files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill directs the agent to download images embedded in messages to the local filesystem with curl, which expands its capability from inspecting and replying to the inbox into persistent acquisition of files. This creates unnecessary exfiltration and storage risk: message images may contain sensitive customer content, and the workflow neither requires explicit user confirmation nor validates the URLs before download.

Missing User Warnings

Medium
Confidence: 79%
Finding
The README instructs users to store Business Suite inbox URLs, including page asset identifiers, in a local config file without warning that these values reveal account and page metadata and operational targets if the file is exposed. They are not secret credentials, but persisting them raises the reconnaissance value of the local automation environment and can aid its misuse.

Missing User Warnings

Medium
Confidence: 84%
Finding
The README advertises extracting messages with images but does not warn up front that customer-supplied images are downloaded to the local filesystem. Downloading untrusted content creates privacy, retention and malware-handling risks, especially on operator workstations where downloaded files may be synced to cloud storage, indexed by search tools, or opened automatically by preview handlers.

Vague Triggers

Medium
Confidence: 72%
Finding
The description uses broad trigger phrases such as checking Facebook messages, replying to customers, or managing inboxes, so the skill can activate on loosely related requests. Over-broad invocation increases the chance of unintended browser automation against a live business account, including reading or sending messages when the user did not intend to invoke this skill.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to pipe externally sourced image URLs into curl for download without warning the user that this triggers outbound network requests and writes files locally. Because the URL comes from the message sender, it is attacker-controlled: the download can reveal the operator's access patterns to whoever controls the target host, persist customer data on disk, and expose the host to unexpected or unsafe content, none of which the core inbox-management need requires.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script extracts full message text and image URLs directly from the Facebook inbox DOM, exposing private customer communications and media metadata to the calling agent with no in-file disclosure, data minimization, or consent guardrails. Accessing inbox content is expected functionality for this skill, but it remains a real privacy and data-exposure risk because sensitive customer information can be collected, retained, or forwarded more widely than necessary.

VirusTotal

52/52 vendors reported this skill as clean (no detections). A clean VirusTotal result covers the packaged files only; it says nothing about the agentic risks listed above.
