Skill v1.0.10

ClawScan security

FB Inbox Forward · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 1, 2026, 8:52 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary
The skill's code, required files, and runtime instructions are consistent with its stated purpose (forwarding Facebook Page inbox messages to an OpenClaw channel); it reads FB credentials from a local credentials file and only calls graph.facebook.com plus the local openclaw CLI.

Guidance
This skill is coherent with its description, but review these points before installing:
- Privacy: the worker forwards full message text to the configured OpenClaw channel/target. Make sure that recipient channel is trusted and appropriate for message content.
- Credentials: it reads FB_PAGE_TOKEN and FB_PAGE_ID from ~/.config/fb-page/credentials.json. Ensure that file is created and secured by the fb-page skill and that you trust the source of those credentials.
- Files written: the skill writes worker.ps1, listener.log, listener-state.json, and a PID file under ~/.config/fb-inbox-forward. The SKILL.md recommends restricting permissions (chmod/icacls); verify those permissions after setup.
- Autonomy: the author says the listener is opt-in. The skill itself does not set always:true, but platform agents can be invoked autonomously; only run/enable the background listener if you explicitly want it running.
- Rate/permissions: default polling every 15s may trigger Facebook rate limits; consider increasing POLL_INTERVAL_SEC. Confirm the app has the required pages_read_engagement permission.
If you want extra caution: inspect the generated worker.ps1 exactly as saved on disk before starting the listener, and test with a throwaway Page or a private channel target first.

Review Dimensions

Purpose & Capability: ok
Name/description match the actual behaviour: the skill polls Facebook Page conversations and forwards messages to an OpenClaw channel. The declared requirements (powershell/pwsh and openclaw CLI) and required config paths (~/.config/fb-page/credentials.json and ~/.config/fb-inbox-forward/config.json) align with that purpose.

Instruction Scope: note
Instructions read credentials and config from the user's home directory and write a worker script and state/log files under ~/.config/fb-inbox-forward. Those actions are within the stated purpose, but the skill will forward full message text to the configured OpenClaw target (while keeping only sender name and conversation ID in logs); users should be aware that message content leaves Facebook for the target channel.

Install Mechanism: ok
Instruction-only skill with no install spec or third-party downloads. No files are shipped as binaries; the worker script is produced locally from the SKILL.md instructions. This is the lowest install risk profile.

Credentials: note
No environment variables requested. The skill reads a local credentials file created by the fb-page skill (FB_PAGE_TOKEN and FB_PAGE_ID); this is proportional to the feature, but the credential file is sensitive. The skill does not request unrelated secrets or cloud credentials.

Persistence & Privilege: note
The skill stores a background worker script and state/log files under the user's config directory and is intended to run as an opt-in background listener. always:false (not forced-in) and persistence is optional, which is appropriate; however, 'never starts autonomously' is an instruction only. Platform-level enforcement isn't shown, so users should ensure they explicitly opt in when launching the listener.