v1.0.0

Facebook Fanpage Inbox for Meta Business Suite

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:00 AM.

Analysis

The skill mostly matches its Facebook inbox purpose, but one browser-automation instruction could execute unintended JavaScript from a customer name inside a logged-in Meta Business session.

Guidance: Review carefully before installing. It is purpose-aligned for Facebook Business inbox work, but only use it with an account you trust the agent to operate, confirm replies or inbox changes before they are made, avoid long-term storage of conversation URLs unless needed, and ask the publisher to fix the unescaped JavaScript evaluation pattern.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: High; Confidence: High; Status: Concern
SKILL.md
request:{"kind":"evaluate","fn":"function() { ... if (nameEl && nameEl.textContent.trim() === '<customer_name>') { nameEl.click(); ... } }"}

The instruction tells the agent to replace <customer_name> inside a JavaScript string that is evaluated in the logged-in Facebook page. A crafted customer name or unsafe substitution could break out of the string and run unintended page-context JavaScript.

User impact: A maliciously crafted Facebook contact name could cause the agent to run unintended code while it is logged into Meta Business Suite.
Recommendation: Avoid inserting names directly into evaluated JavaScript. Use snapshot/ARIA refs or safely encode values with a parameterized approach such as JSON.stringify before evaluation.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Code file presence: 3 code file(s)

The package includes local scripts and manual setup instructions, but the registry metadata does not identify an upstream source or homepage.

User impact: Users have less provenance information for deciding whether to trust the included setup and browser-automation code.
Recommendation: Review the included scripts before running setup, and prefer packages with a verifiable source repository or publisher history.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
README.md
- ✅ Reply to customer messages
- ✅ Manage labels (tags) for each conversation
- ✅ Manage notes (internal memos) for each contact
...
- Sessions may expire; re-login required periodically

The skill is intended to operate through an authenticated Meta Business Suite session and can mutate customer-facing or internal business inbox state.

User impact: Installing and using the skill gives the agent practical ability to view customer conversations and perform actions as the logged-in Facebook page operator.
Recommendation: Use a least-privileged Facebook account where possible, keep the isolated browser profile, and require explicit user confirmation before sending replies or changing labels/notes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: Medium; Status: Note
README.md
The agent can store these URLs and reuse them for fast access later.

Direct conversation URLs include page and thread identifiers and are described as reusable persistent context, but the artifacts do not specify storage location, retention, or user approval rules.

User impact: Customer-thread links may remain available to the agent across later tasks, which can expose business conversation identifiers longer than intended.
Recommendation: Store conversation URLs only with user approval, keep them in a clearly scoped location, and provide a way to delete or expire saved links.