Skill v1.0.16
VirusTotal security
Facebook Page · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:47 AM
- Hash: 0c3a71b5faddbee2f8a67f73b747c4f9516a54dddc67e9e0825d7d4c77340732
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: facebook-page; Version: 1.0.16. The skill is designed for legitimate Facebook Page management, explicitly limiting network calls to `graph.facebook.com` and providing security-conscious instructions for handling credentials (e.g., removing `FB_APP_SECRET`, restricting file permissions). However, the core functionality involves the AI agent constructing and executing PowerShell commands (`Invoke-RestMethod`, `Get-Content`, `Set-Content`) based on user input. This pattern, while necessary for the skill's purpose, introduces a significant vulnerability for command injection if the agent's input sanitization is imperfect, as user-controlled strings could be interpolated directly into shell commands. This is a vulnerability in the execution model rather than intentional malice within the skill's instructions, hence 'suspicious'.
