Security audit

Facebook Fanpage Manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises, but it needs review because it can control a Facebook Page using a long-lived token and its safeguards are weak.

Install only after reviewing the Facebook permissions and secret handling. Use a test or low-risk page first, store the access token through a protected secret mechanism if possible, restrict local config permissions, do not share output from the connection script, and rotate or revoke the token if it appears in logs or screenshots. Enable auto-reply only with clear authority to process Messenger messages and with human review or audit controls for outgoing posts, comments, and messages.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

Severity: Medium
Confidence: 82%
Finding: The invocation text uses very broad trigger phrases such as Facebook, Messenger, access token, and social media automation, which overlap with common user speech. This can cause the skill to activate in contexts where the user did not intend to manage a page, increasing the chance of unwanted access to stored credentials or accidental posting/messaging actions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill describes automated polling of conversations and AI-generated Messenger replies without clearly warning that it will process private user communications. Monitoring and auto-responding to conversations can expose personal data, create privacy-law compliance issues, and send unintended messages on behalf of the page owner.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill instructs users to obtain and store long-lived Facebook access tokens in local configuration without an explicit credential-handling warning. These tokens grant powerful page-management abilities, so insecure storage, accidental logging, or reuse in shell commands could enable unauthorized posting, messaging, and data access.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The guide instructs users to place a permanent Facebook Page Access Token directly into a local JSON config file, but it does not clearly describe the risks of storing long-lived credentials in plaintext on disk. If that file is exposed through backups, logs, malware, local compromise, or accidental sharing, an attacker could take over the page-management functions the token grants.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The script prints both the Facebook Page ID and a partially masked access token to stdout. Even partial token disclosure is sensitive because logs, terminal scrollback, CI output, screen recordings, or support screenshots can leak credential material and aid token correlation or social-engineering attacks. In this skill's context the token grants access to a Facebook Page, so exposing any part of it is more dangerous than a generic diagnostic secret.

Credential Access

Severity: High
Category: Privilege Escalation
Content:

| Information | Example | Where stored |
|-------------|---------|--------------|
| Page ID | `123456789012345` | openclaw.json |
| Page Access Token (permanent) | `EAAG...ZD` | openclaw.json |
| App ID | `1234567890123456` | Private note (used when a new token is needed) |
| App Secret | `abc123def456...` | Private note (CONFIDENTIAL!) |

Confidence: 90%
Finding: Access Token

VirusTotal

63/63 vendors flagged this skill as clean.