Back to skill

Security audit

clawlite-mark

Security checks across malware telemetry and agentic risk

Overview

This Facebook automation skill is mostly coherent, but it can post publicly from a live account and includes an unnecessary hardcoded read of a private local style file.

Install only if you intend to let an agent operate a logged-in Facebook browser profile. Prefer Draft or Query mode first, remove or replace the hardcoded local SOUL.md style reference, verify the target Facebook account, and periodically clear stored comments, receipts, logs, and screenshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to read an unrelated local file (`/Users/m1/.openclaw/workspace-elon/SOUL.md`) for stylistic guidance. Expanding scope from Facebook automation into arbitrary local filesystem reads is dangerous because it can expose sensitive local data and normalize unauthorized access paths not required for the task.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This skill automates public posting and replies on Facebook, but the description does not clearly warn that it can perform external side effects on a live social account. That omission increases the chance of unintended public actions, reputational harm, or user surprise when the agent posts or responds automatically.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.