FB Inbox Forward
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent with its stated purpose, but it handles sensitive Facebook Page credentials, forwards private inbox content, and can run an opt-in background listener.
Before installing or using this skill, confirm you want Facebook Page inbox messages copied into the selected OpenClaw channel, use a least-privileged Page token, protect the config files, and stop the background listener when forwarding is no longer needed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The worker can use the configured Facebook Page token to access Page inbox data allowed by that token.
The skill reads a local Facebook Page credential file and uses the page token and page ID at runtime. This is expected for the integration, but it is sensitive account authority.
$fb = Get-Content "$HOME/.config/fb-page/credentials.json" -Raw | ConvertFrom-Json $token = $fb.FB_PAGE_TOKEN $pageId = $fb.FB_PAGE_ID
Use a token scoped only to the intended Page and permissions, keep the credential file protected, and revoke or rotate the token when no longer needed.
Private Facebook Page messages may appear in the configured OpenClaw destination and become visible to whoever has access there.
The skill copies private Facebook inbox content into an OpenClaw channel/target. This matches the stated purpose, but users should understand the data boundary.
Transmits: sender name + full message text + conv ID to NOTIFY_CHANNEL/NOTIFY_TARGET via openclaw message send. Message text goes to the channel destination only — never written to disk.
Verify the NOTIFY_CHANNEL and NOTIFY_TARGET before starting the listener, and only forward messages to destinations with appropriate access controls.
Once started, the listener may continue polling and forwarding new messages until the user stops it.
The skill can create a long-running background listener. It is disclosed as optional and opt-in, so this is a persistence note rather than a concern.
"persistence": { "type": "background-process", "code": "inline", "optional": true, "description": "Polls Facebook Page conversations every POLL_INTERVAL_SEC seconds (default 15). ... Never starts autonomously — opt-in only." }Start the listener only when you want continuous forwarding, confirm the stop/status commands are available, and periodically check the listener log and process state.