Skill v1.0.1
ClawScan security
Facebook Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 27, 2026, 2:39 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions line up with its stated purpose (publishing to Facebook Pages via a third‑party connector), but it relies on a powerful embedded token and has a few minor documentation/privilege ambiguities you should understand before installing.
- Guidance
- This skill delegates Facebook publishing to a third‑party service (boring.aiagent-me.com) via an MCP connector link that carries an embedded auth token. Before installing: (1) Verify you trust boring.aiagent-me.com and inspect the linked open‑source repo if possible; confirm the MCP link's host is exactly that domain and not a lookalike (extra labels, a different TLD, or homoglyph characters). (2) Treat the MCP link like a password: do not paste it in public chat, tickets, or logs, and do not share it. (3) Be aware the token can publish and upload media to your Pages; supply it only for Pages you control and be prepared to revoke it if you see unexpected activity. (4) Understand that using local files or Google Drive links transmits that content to the Boring service; avoid sending sensitive files. (5) If you need stronger assurance, test on a throwaway Page/account and verify the connector's privacy/security documentation and its procedure for revoking tokens. If you want, I can suggest checks to validate the Boring service's code and hosting before you proceed.
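Two of the checks above (exact-host verification of the MCP link and keeping the token out of chat and logs) can be scripted. The following is an added example, not code from ClawHub, the skill, or the Boring connector. It assumes the connector link is an HTTPS URL on boring.aiagent-me.com with the token carried either as a query parameter (names assumed) or as a long opaque path segment; the page does not document the link format, so adjust the constants to the real one.

```python
# Added example: hygiene checks for an MCP connector link before an agent gets it.
# Assumptions (not documented on the scan page): HTTPS URL, host exactly
# boring.aiagent-me.com, token in a query parameter named like one of TOKEN_PARAMS
# or as a long opaque path segment.
from urllib.parse import urlsplit, parse_qs, urlencode, urlunsplit

EXPECTED_HOST = "boring.aiagent-me.com"
TOKEN_PARAMS = ("token", "auth", "key", "api_key")  # assumed parameter names
OPAQUE_SEGMENT_LEN = 20  # path segments at least this long are treated as secrets


def verify_connector_host(link: str) -> tuple[bool, str]:
    """Return (ok, reason). Only an exact, ASCII, HTTPS host passes.

    Lookalikes fail: extra labels (boring.aiagent-me.com.evil.example),
    a different TLD, punycode/IDN homoglyphs, or a plain-HTTP link.
    """
    parts = urlsplit(link)
    if parts.scheme != "https":
        return False, f"scheme is {parts.scheme!r}, expected https"
    host = parts.hostname or ""
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "non-ASCII or punycode host (possible homoglyph)"
    if host != EXPECTED_HOST:
        return False, f"host {host!r} is not {EXPECTED_HOST!r}"
    return True, "ok"


def redact_connector_link(link: str) -> str:
    """Return a copy safe to paste into chat or logs: token values masked,
    scheme and host kept so the link can still be discussed."""
    parts = urlsplit(link)
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in list(query):
        if name.lower() in TOKEN_PARAMS:
            query[name] = ["REDACTED"]
    # Tokens are sometimes embedded in the path instead of the query string.
    segments = [
        "REDACTED" if len(seg) >= OPAQUE_SEGMENT_LEN else seg
        for seg in parts.path.split("/")
    ]
    return urlunsplit(
        (parts.scheme, parts.netloc, "/".join(segments), urlencode(query, doseq=True), "")
    )


if __name__ == "__main__":
    # Constructed sample links; not real connector URLs.
    for sample in (
        "https://boring.aiagent-me.com/mcp?token=abc123&v=1",
        "https://boring.aiagent-me.com.evil.example/mcp?token=abc123",
        "http://boring.aiagent-me.com/mcp?token=abc123",
    ):
        ok, why = verify_connector_host(sample)
        print(("PASS" if ok else "FAIL"), why, "->", redact_connector_link(sample))
```

Run the redacted form through whatever you paste into a ticket or chat, and gate installation on `verify_connector_host` returning `True`; the host check is deliberately an exact string compare rather than a suffix match, because suffix matching is exactly what a lookalike domain exploits.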
Review Dimensions
- Purpose & Capability
- ok · The skill is an instruction-only bridge to the Boring (boring.aiagent-me.com) MCP connector for publishing to Facebook Pages. Requesting an MCP connector link (which embeds an auth token for the third‑party service) is coherent with the stated purpose of creating and scheduling page posts.
- Instruction Scope
- note · The SKILL.md explicitly instructs the agent to call functions such as boring_list_accounts, boring_upload_file (with a local file_path), boring_upload_from_url, and boring_publish_post. Asking to upload local files is reasonable for media posting, but the skill metadata does not explicitly declare local file access; users should expect the agent to read user-provided local files and send them to the third‑party service. The doc also accepts Google Drive links and remote URLs as media sources; when used, that content is likewise exposed to Boring.
- Install Mechanism
- ok · No installation or third‑party downloads are required; this is an instruction-only skill. Nothing is written to disk by the skill itself (per manifest).
- Credentials
- note · No local environment variables or platform credentials are requested; instead the skill requires an MCP connector link that contains an embedded auth token. That token grants publish rights to connected social accounts (a powerful capability), which is proportionate to publishing functionality but should be treated like a password and only supplied to services you trust.
- Persistence & Privilege
- ok · always: false (not force‑included). The skill does not request persistent system privileges or claim to modify other skills or agent settings. Autonomous invocation is allowed (platform default) but is not a unique escalation here.
