Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Facebook Fanpage Inbox for Meta Business Suite

v1.0.0

Check Facebook page inbox messages via Meta Business Suite browser automation. Use when asked to check Facebook messages, reply to FB customers, or manage Fa...

by PicSee Inc. (@picseeinc)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description align with the provided artifacts: SKILL.md, README, and scripts implement inbox listing and message extraction via browser automation. The skill does not request unrelated credentials or binaries. The setup wizard uniformly writes/reads config.json in the skill workspace, matching the documented configuration flow.
Instruction Scope
Runtime instructions limit filesystem access to the skill workspace and only read/write skills/meta-fb-inbox/config.json. Browser automation calls target business.facebook.com URLs only. The SKILL.md emphasizes using the isolated profile. Minor documentation-scope mismatch: README claims images are 'downloaded to ~/Downloads by default', but the included scripts only extract image URLs (no code that explicitly downloads files to ~/Downloads). Also README mentions replying/labels/notes features; the repository includes DOM-scraping scripts for reading/listing but does not include an explicit send/reply script (replying could nevertheless be performed via browser actions as described in SKILL.md). These are functional/documentation inconsistencies rather than evidence of exfiltration or unrelated access.
Install Mechanism
No install spec; instruction-only plus small local scripts. No downloads from external URLs, no archive extraction. This is low-risk from an install perspective.
Credentials
The skill requires no environment variables, no credentials, and no external config paths. It only stores a local config.json in its workspace. Requested access is proportional to the described capability.
Persistence & Privilege
always:false and no modifications to other skills or system-wide settings. It reads/writes only its own workspace config.json (normal). It can run autonomously by platform default, which is expected for skills that automate browser interactions; no extra privileges are requested.
Assessment
This skill appears to do what it says: browser-automated reading of Meta Business Suite inboxes using an OpenClaw isolated browser profile and a local config.json. Before installing, consider:
1) You will need to log in to Facebook inside the OpenClaw isolated browser (the skill does not provide Facebook credentials).
2) Verify the README claims you care about (e.g., it says images are downloaded to ~/Downloads and that you can reply/manage labels) — the included scripts only extract chat lists and message content/URLs; sending replies or downloading images may be implemented via browser actions described in SKILL.md rather than separate scripts, so test those flows on a non-production page first.
3) Because the skill automates a logged-in browser, it can access any data visible in that session — only grant the agent autonomy if you trust it to operate without user confirmation.
4) Inspect config.json after setup and keep the skill's workspace restricted to avoid accidental exposure of page URLs.
If you want higher assurance, run the setup manually and test read-only flows first (listing chats and extracting message previews) before enabling any automated reply workflows.

Like a lobster shell, security has layers — review code before you run it.

latestvk974dgma7ydw0js32qvkh4hjz181qv9a
