Security Audit
Facebook Automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
Facebook Automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Exposure of Facebook Page Access Tokens" and "Access to Sensitive Messenger Conversation Data".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Exposure of Facebook Page Access Tokens: The `FACEBOOK_LIST_MANAGED_PAGES` tool returns `access_token` values for managed Facebook Pages. The documentation advises caching results (`"Always run this first to cache page_id values. Avoid repeating discovery calls -- cache the results."`) which, if applied to the `access_token`s, could lead to insecure storage of sensitive credentials by the agent. Insecure caching or logging of these tokens could result in unauthorized access to Facebook Pages. Implement robust security measures for handling and storing `access_token`s. Ensure tokens are encrypted at rest, have limited lifespans, and are only accessible by authorized components. Avoid persisting tokens unnecessarily and clear them from memory when no longer needed. Explicitly instruct agents not to cache `access_token`s in an insecure manner. | LLM | SKILL.md:40 |
| MEDIUM | Access to Sensitive Messenger Conversation Data: The `FACEBOOK_GET_PAGE_CONVERSATIONS` and `FACEBOOK_GET_CONVERSATION_MESSAGES` tools allow the agent to retrieve private Messenger conversations between users and the Facebook Page. While the skill warns about user-visible side effects for write operations (`FACEBOOK_SEND_MESSAGE`, `FACEBOOK_MARK_MESSAGE_SEEN`), it lacks explicit warnings or guidance regarding the sensitive nature of reading private conversation data. This could lead to privacy violations if the agent accesses or processes this data without proper user consent or secure handling. Add explicit warnings and recommendations for agents to obtain clear user consent before accessing or processing private Messenger conversation data. Implement strict data minimization and retention policies. Ensure that any processing of this data complies with privacy regulations (e.g., GDPR, CCPA) and Facebook's platform policies. | LLM | SKILL.md:100 |