Openclaw Facebook Marketing

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Facebook marketing automation tool, but it can use a logged-in Facebook profile to post public replies automatically and stores social data with limited controls.

Install only if you are comfortable letting an agent act through a logged-in Facebook browser profile. Prefer Draft or Query mode, inspect the referenced local scripts before use, use a dedicated low-risk profile/account if possible, set explicit monitoring limits, and periodically delete stored comments, receipts, logs, and screenshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium (92% confidence)
Finding
The skill instructs the agent to consult `/Users/m1/.openclaw/workspace-elon/SOUL.md`, a local file unrelated to the Facebook marketing workflow. This creates an unnecessary cross-scope data access path and may expose private persona, prompt, or workspace content from another project into generated Facebook outputs.

Missing User Warnings

Medium (96% confidence)
Finding
The skill is designed to read Facebook comments and threads, and elsewhere documents storage of receipts, comments, logs, and screenshots, but the description does not clearly warn users that local persistence may include personal data. This is a privacy and consent problem because operators may enable the skill without understanding that third-party content is being collected and retained on disk.

Missing User Warnings

Medium (95% confidence)
Finding
Full Auto mode allows the agent to post public replies on Facebook automatically without an explicit, prominent warning about unintended public actions. In the context of a social-media automation skill, this is dangerous because mistaken, off-brand, or policy-violating replies can immediately affect account reputation, relationships, and platform standing.

VirusTotal

VirusTotal findings are pending for this skill version.