Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Facebook Manager
v1.0.1
A comprehensive Facebook management skill for OpenClaw: supports BOTH Fanpages (Page Token) AND personal accounts (User Token). Fanpage: post, reply to comments, auto-reply...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Confidence: high
Purpose & Capability
The skill claims to manage Facebook (pages, Messenger, groups), which legitimately requires Facebook tokens and curl; however, the registry declares only FACEBOOK_ACCESS_TOKEN, while the README and scripts use FACEBOOK_PAGE_TOKEN, FACEBOOK_USER_TOKEN and FACEBOOK_PAGE_ID, and the setup guide instructs the user to obtain APP_ID and APP_SECRET. The declared requirements do not match the credentials actually required.
Instruction Scope
SKILL.md includes step-by-step API calls, a token refresh script, and explicit instructions to store tokens and the App Secret; the refresh script and examples reference writing to ~/.openclaw/openclaw.json and use APP_ID/APP_SECRET (neither declared). The instructions therefore direct the agent to handle and persist multiple secrets and to modify an agent config file, which goes beyond simple API call examples.
Install Mechanism
This is an instruction-only skill with no install spec (no code fetched from the network at install time). The only code file is a small local shell script. Lack of an installer reduces installation-time risk.
Credentials
The registry lists a single required env var (FACEBOOK_ACCESS_TOKEN), but the skill expects and documents several, including FACEBOOK_PAGE_TOKEN, FACEBOOK_USER_TOKEN, FACEBOOK_PAGE_ID, APP_ID and APP_SECRET. Requesting APP_SECRET, or telling users to store it, is sensitive and undeclared; asking for multiple unrelated secrets without declaring them is disproportionate and inconsistent.
Persistence & Privilege
The skill's refresh script suggests storing refreshed tokens in ~/.openclaw/openclaw.json (it updates the skill's own entry). Modifying the agent's config to persist tokens is plausible for this use case, but it leaves long-lived secrets on disk, and the skill also suggests setting up a cron job. This increases persistence and the blast radius if the tokens are compromised. The skill does not set always: true.
What to consider before installing
Do not install or provide secrets until these inconsistencies are resolved. Ask the author to: (1) update the registry metadata to list all env vars the skill actually needs (FACEBOOK_PAGE_TOKEN, FACEBOOK_USER_TOKEN, FACEBOOK_PAGE_ID, APP_ID, APP_SECRET), or change SKILL.md to match the declared variable; (2) explain why APP_SECRET is needed and whether the token-refresh step can be performed manually instead; (3) confirm whether the skill will write to ~/.openclaw/openclaw.json and offer an opt-out; (4) avoid storing the App Secret in plaintext where possible and document access controls. If you do proceed, provide only the minimal token necessary (prefer a page-scoped token with least privilege), do not give APP_SECRET to untrusted code, and consider running the included scripts manually after reviewing them.
Runtime requirements
📘 Clawdis
Bins: curl
Env: FACEBOOK_ACCESS_TOKEN
