Facebook Publisher

Security checks across malware telemetry and agentic risk

Overview

This Facebook publishing skill is mostly purpose-aligned, but it asks users to trust a long-lived connector token for public posting while one security note incorrectly says no content is uploaded or modified.

Install only if you trust Boring with posting access to the connected Facebook Pages. Treat the MCP link like a password, connect only the Pages needed, revoke it if exposed, and require explicit human confirmation before publishing, scheduling, or canceling posts.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

High

Confidence: 95% confidence
Finding: The security/data-handling section materially understates what the skill and backing service can do by claiming only analytics metrics are retrieved and no content is uploaded or modified, while later instructions explicitly upload media, publish posts, schedule posts, and cancel scheduled posts. This kind of contradictory disclosure can mislead users or downstream reviewers about the real write-capable scope of the embedded MCP token, increasing the chance of unsafe deployment, oversharing of credentials, or unintended content publication.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal