ClawHub

Facebook Page

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about managing a Facebook Page, but it gives an agent broad power to post, delete, hide, publish, and moderate public content using long-lived local credentials without built-in confirmation controls.

Install only if you intentionally want an agent to manage a real Facebook Page. Use the minimum Meta permissions, remove FB_APP_SECRET after setup, restrict the credentials file, avoid synced or shared folders, rotate the Page token if exposed, and manually confirm any action that posts, schedules, deletes, hides, publishes, or moderates content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documentation says FB_APP_SECRET is only needed during token exchange and should be removed, but the sample code persists it in credentials.json. Storing an app secret long-term on disk unnecessarily increases secret exposure and can enable broader compromise of the Meta app if the host, backups, or repository are accessed.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly says a never-expiring Page token will be saved locally, but it does not clearly warn that this is a highly sensitive secret whose compromise enables unauthorized Facebook Page actions. Even with restricted file permissions, storing long-lived credentials on disk materially increases risk if the host is compromised, backed up insecurely, or shared between users.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The README advertises destructive operations such as delete, hide, reply, scheduling, and create actions without warning users that some actions may be irreversible or publicly visible. In an agentic context that converts natural language into API calls inline, lack of a cautionary warning increases the chance of accidental destructive or reputation-impacting actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill includes destructive actions such as deleting posts, deleting comments, hiding comments, and publishing drafts without requiring an explicit confirmation step. In an agent setting, this increases the chance of accidental or prompt-induced irreversible social media changes against a production page.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal