Clawhub Skill Lite
WarnAudited by ClawScan on May 10, 2026.
Overview
Review before installing: this instruction-only skill sends you to a third-party site to connect a Facebook Page that can post, reply, book, and collect leads, but the artifacts do not define OAuth scopes, approval controls, or data retention.
Only connect a Facebook Page if you have verified PageClaw/OneChat, understand the exact Meta permissions being granted, and can require human approval for public posts, replies, reviews, bookings, and customer-data handling.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The connected service or agent could publish posts, reply to customers, or manage reviews in ways that affect your business reputation.
These are public and customer-facing business actions, but the artifacts do not define approval gates, rate limits, rollback, or safe defaults for agent-triggered posting and replies.
**Auto-Reply** — Respond to messages and comments ... **Content Posting** — Create and schedule posts ... **Review Management** — Monitor and reply to reviews
Use only if you can configure manual approval for posts, replies, and bookings; start with limited permissions or a test Page and confirm rollback/review controls.
Granting access may allow a third-party service to manage your Facebook Page until permissions are removed.
The skill requires delegated Facebook Page access through an external website and indicates credential/session storage, but does not specify exact OAuth scopes, Page permissions, duration, or revocation process.
PageClaw handles Facebook authentication through its Meta-approved integration ... You connect your Page on the PageClaw website ... All credentials stored encrypted
Before connecting, verify the exact Meta OAuth scopes, which Pages are authorized, how to revoke access, and whether a least-privileged Page role can be used.
Customer information from messages or bookings could be processed or stored by an external provider under terms not shown in the skill artifacts.
Customer, lead, booking, and potentially sensitive industry data would flow through the PageClaw service, but the artifacts do not describe retention, sharing, deletion, consent, or data-boundary controls.
**Lead Capture** — Qualify inquiries and collect customer information; **Booking & Reservations** — Handle appointments, table reservations, or room bookings
Review PageClaw's privacy/data-processing terms, retention settings, export/deletion controls, and any compliance requirements before using it with customer or medical/booking data.
You must rely on the external provider's website and policies for the behavior that actually manages your Page.
There is no local code or install package to inspect, and the actual Facebook integration is provided externally, so this review cannot validate the implementation.
Source: unknown ... No install spec — this is an instruction-only skill ... No code files present
Verify the provider identity, homepage, support contact, terms, and Meta app details before granting access.
These claims may encourage granting broad Page access without independently checking the provider and permissions.
The skill makes strong trust and security claims that may be true, but the supplied artifacts do not independently substantiate them.
Meta-approved integration ... Meta Business Partner serving 10,000+ Pages daily ... All credentials stored encrypted
Confirm the Meta Business Partner/app status and security documentation directly from trusted Meta and provider sources.