ClawHub

Boring Facebook Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Facebook Page publishing connector whose main risk is that its MCP link acts like a password and can publish or schedule public posts.

Install only if you trust Boring with Facebook Page publishing access. Keep the MCP connector URL private, regenerate it if exposed, connect only intended Pages, and require confirmation before publishing, scheduling, or canceling posts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

45/45 vendors flagged this skill as clean.

View on VirusTotal