Skill v1.0.4

ClawScan security

Boring Facebook Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 27, 2026, 9:00 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent with a Facebook-publishing purpose (it uses a Boring MCP connector link as the credential and describes the needed calls), but there are minor metadata inconsistencies and important privacy implications (uploads of local media to a third-party cloud) you should understand before installing.
Guidance
This skill appears to do what it says: it posts to Facebook Pages via the Boring service. Before installing: (1) Understand that your 'MCP Connector' URL contains an embedded auth token and grants Boring access to act on your Pages — do not paste it in public channels. (2) Media files you provide (local or URLs) will be uploaded to Boring's Google Cloud Storage and transmitted to Facebook; avoid uploading highly sensitive files. (3) Verify the Boring service (boring.aiagent-me.com) and its privacy/security policies and consider using a page/account with limited permissions for initial testing. (4) Note the registry metadata mismatch (it lists no primary credential while the SKILL.md requires the MCP link) — ask the publisher to clarify how the connector is supplied/stored if you need stronger assurance. If you are uncomfortable with third-party hosting of media or with handing an embedded token to a connector, do not install or use this skill.

Review Dimensions

Purpose & Capability
note: The skill's stated purpose (publish/schedule Facebook Page posts) matches the runtime instructions (list accounts, upload media, publish/schedule). However, registry metadata lists no primary credential while the SKILL.md requires an MCP Connector link (a URL that embeds an auth token); this is a metadata inconsistency but not a functional mismatch — the MCP link is the actual credential the skill needs.
Instruction Scope
note: Instructions are scoped to posting workflows (list accounts, prepare media, publish/schedule, manage scheduled posts). They explicitly require uploading local files or remote URLs to Boring's Google Cloud Storage so media is publicly accessible for Facebook — this is expected for a publishing service but is a privacy/data-flow concern because local files are transmitted off your device to a third party.
Install Mechanism
ok: No install spec or code files are included (instruction-only). This minimizes disk write/execution risk; there is nothing to download or run locally from unknown URLs.
Credentials
note: The skill requests no environment variables or local secrets, but it does require an MCP Connector link which embeds an auth token and functions as the credential. That is proportional to the stated purpose, but the registry claims 'no primary credential' which contradicts the SKILL.md. Treat the MCP link like a password.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges. Model-driven autonomous invocation is allowed (the platform default) but not, by itself, an extra red flag here.