Security audit

Techla FB Repost

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it handles Facebook Page posting credentials in ways that deserve careful review before use.

Install only if you trust the publisher and are comfortable with the skill sending Facebook links/content to Apify, prompts to Gemini, and final content to Facebook Graph API. Use least-privilege tokens stored in OpenClaw secrets or environment variables, do not paste tokens into normal chat or command lines, remove or avoid the verify command until it stops requesting access_token, and require a visible preview plus explicit approval for the exact Page and post before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration

Findings (9)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 82% confidence
Finding: The skill clearly performs external network operations against Apify, Gemini, and Facebook Graph API, yet it does not declare permissions or explicitly scope those capabilities. This makes the skill harder to review and increases the chance of unintended data egress or execution in contexts where network use was not expected.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: `get_page_info()` explicitly requests `fields=name,access_token`, which can retrieve page access token material beyond the stated reposting/posting purpose. Exposing or handling access tokens in a general-purpose verification path increases the chance of credential leakage through logs, stdout, downstream tools, or unintended caller access, which could enable unauthorized posting or page management.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The activation text says to use the skill 'BẤT CỨ KHI NÀO' a Facebook link and posting request appear, which is overly broad and can trigger the skill in ambiguous contexts. Because this skill can scrape content, generate media, and post to a Facebook Page, accidental invocation could lead to unwanted network calls or unauthorized publishing workflows.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the user to provide and store highly sensitive credentials, including a Facebook Page Access Token, but does not warn about their sensitivity, scope, or safe handling. In a skill that performs posting to third-party services, this increases the risk of credential leakage, reuse in unsafe contexts, or over-privileged token exposure.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The document provides concrete API instructions to upload media and publish posts to a Facebook Page, but it does not include any warning, confirmation requirement, or discussion of account-impacting consequences. In the context of a skill explicitly designed to repost content to Facebook, this omission materially increases the risk of unauthorized posting, accidental publication, and unintended transmission of user-generated or scraped content to external services.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script requires the Gemini API key as a positional command-line argument, which can expose the credential through shell history, process listings, job runners, and audit logs. In an automation skill that reposts content and invokes external APIs, this creates a realistic secret-leak path that could let others reuse the API key for unauthorized requests or billing abuse.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script sends the user-supplied Facebook URL and the Apify token to a third-party service, but the usage text does not clearly disclose that post data will be processed externally by Apify. In an agent skill context, this is more dangerous because users may assume the skill operates locally or only against Facebook, creating a data-sharing and consent gap.

External Transmission

Medium

Category: Data Exfiltration
Content: ### Facebook Posts Scraper (Primary) - Actor ID: `apify~facebook-posts-scraper` - Run URL: `POST https://api.apify.com/v2/acts/apify~facebook-posts-scraper/runs` Request body: ```json
Confidence: 88% confidence
Finding: https://api.apify.com/

Credential Access

High

Category: Privilege Escalation
Content: 1. **APIFY_TOKEN** — https://console.apify.com/account/integrations 2. **GEMINI_API_KEY** — https://aistudio.google.com/app/apikey 3. **FB_PAGE_ID** — ID Facebook Page 4. **FB_PAGE_ACCESS_TOKEN** — Page Access Token (permission `pages_manage_posts`) > Gợi ý user lưu vào OpenClaw secrets/env vars để không nhập lại.
Confidence: 97% confidence
Finding: Access Token

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.