← Back to Skills Marketplace
phuongsky

Facebookadvanced

by phuongsky · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ⚠ suspicious
170
Downloads
0
Stars
1
Active Installs
5
Versions
Install in OpenClaw
/install facebookadvanced
Description
OpenClaw skill for posting to Facebook Pages from the terminal
README (SKILL.md)

Facebook Page Posting Skill

A command-line skill for posting to Facebook Pages via the Graph API.

Overview

This skill provides CLI commands to:

  • Post text and images to Facebook Pages
  • Schedule posts for later publication
  • Manage scheduled posts
  • Test connections and verify credentials

Installation

The skill is installed as an npm package:

npm install -g clawhub
clawhub install facebookadvanced

cd .\facebook-advanced
npm install
npm link

Or run directly from the workspace:

node C:\Users\OS\.openclaw\workspace\skills\facebook-advanced\index.js \x3Ccommand>

Usage

OPTIONAL - create facebook-config.json in the same directory as the skill:

{
  "page_id": "",
  "access_token":"",
  "page_name": "",
}

Setup

First, configure your Facebook Page credentials:

openclaw-facebook-posting fb-post-setup \x3Cpage_id> \x3Caccess_token> [page_name]

Getting a Page Access Token:

  1. Go to Facebook Developer Console
  2. Create an app (if needed)
  3. Add "Graph API" product
  4. Generate a Page Access Token with permissions:
    • pages_manage_posts - Create and manage posts
    • pages_read_engagement - Read page content

Posting

Text Post:

openclaw-facebook-posting fb-post "Your message here"

Image Post:

openclaw-facebook-posting fb-post-image "Caption" "https://example.com/image.jpg"

Scheduling

Schedule a Post:

openclaw-facebook-posting fb-post-schedule "Tomorrow's post!" "2024-04-20T10:00:00Z"

List Scheduled Posts:

openclaw-facebook-posting fb-post-schedule-list

Delete Scheduled Post:

openclaw-facebook-posting fb-post-schedule-delete \x3Cpost_id>

Testing

Test Connection:

openclaw-facebook-posting fb-post-test

Show Configuration:

openclaw-facebook-posting fb-config-show

Help

openclaw-facebook-posting --help

Configuration

Configuration is stored in:

C:\Users\OS\.openclaw\workspace\facebook-config.json

Security Note: This file contains your access token. Keep it secure.

Commands Reference

Command Description
fb-post-setup Configure Facebook Page credentials
fb-post Post text to your Page
fb-post-image Post image with caption
fb-post-schedule Schedule a post for later
fb-post-schedule-list List scheduled posts
fb-post-schedule-delete Delete a scheduled post
fb-post-test Test connection and permissions
fb-config-show Show current configuration
--help Show help message

Troubleshooting

Common Issues

Invalid Access Token:

  • Token expired. Generate a new one and re-run setup.
  • Check token permissions.

Page Not Found:

  • Verify page_id is correct.
  • Ensure token has access to the page.

Permission Denied:

  • Token needs pages_manage_posts permission.
  • Re-generate token with correct permissions.

API References

Security Considerations

  • Access tokens are stored in plain text in the config file
  • Do not share your config file
  • Revoke tokens when no longer needed
  • Use environment variables for sensitive data in production

Development

Project Structure

example-posting/
├── index.js              # Main CLI entry point
├── package.json          # npm package config
├── README.md             # User documentation
├── SKILL.md              # Skill documentation
├── commands/
│   ├── setup.js          # Configuration setup
│   ├── post.js           # Text posting
│   ├── post-image.js     # Image posting
│   ├── post-schedule.js  # Schedule posts
│   ├── post-schedule-list.js  # List scheduled posts
│   ├── post-schedule-delete.js  # Delete scheduled posts
│   ├── post-test.js      # Connection testing
│   ├── config-show.js    # Show configuration
│   └── help.js           # Help message
└── facebook-config.json  # User configuration (created on setup)

Adding New Commands

  1. Create a new file in commands/ directory
  2. Export a function that handles the command logic
  3. Add the command to index.js commands mapping
  4. Update help.js with documentation

Testing

# Test connection
node commands/post-test.js

# Test specific command
node commands/post.js "Test message"

License

MIT

Usage Guidance
What to check before installing or running this skill: - Do not paste your Page access token into a public place. The skill stores the token unencrypted in a JSON file in your OpenClaw workspace (facebook-posting.json per the code, but SKILL.md refers to facebook-config.json and a Windows path). Clarify which file the tool will actually read/write and secure that file (restrict filesystem permissions) or use environment variables instead. - The README and code disagree on filenames and CLI names. Confirm which filename the installed package will use (facebook-posting.json vs facebook-config.json) and where it will be written. If you follow the README but the code reads a different path, your token may be left in an unexpected location. - Review package.json and any npm install hooks before running npm install -g or linking the package. Because the registry metadata did not include an automated install spec, running npm will actually execute whatever is in package.json (postinstall scripts could be present in the omitted files). - The code only talks to graph.facebook.com, which is expected. Still, because some files were truncated in the provided dump, provide the remaining files (full package.json and any omitted scripts) for a full review — the current judgment assumes the omitted files don't contain unexpected network endpoints or obfuscated code. - Prefer using short-lived tokens or environment variables (and platform secrets storage) rather than plaintext files. If you must use a file, set restrictive file permissions and remove tokens when not needed. - If you want to proceed: run the tool in a sandbox or throwaway account first to confirm behavior, and verify that test-post/deletion behavior is acceptable (the test command creates and attempts to delete a post). What would change this assessment to 'benign': - SKILL.md fixed to match the actual config filename/path and CLI names, no postinstall hooks in package.json, and explicit guidance to use environment-based secrets or encrypted storage. Also provide the omitted files for review showing no other network targets or obfuscated code. What would increase severity to 'malicious': - Discovery of postinstall scripts or other omitted files that contact non-Facebook endpoints, exfiltrate the access token, or contain obfuscated code. If you want, provide the remaining files (complete package.json and the omitted JS files) and I will re-scan them.
Capability Analysis
Type: OpenClaw Skill Name: facebookadvanced Version: 1.0.4 The skill bundle exhibits significant code redundancy and conflicting implementations, suggesting a poorly vetted or improperly assembled package. It contains two sets of overlapping commands (e.g., 'post.js' vs 'fb-post.js') that use different configuration filenames ('facebook-config.json' vs 'facebook-posting.json'). A critical security vulnerability exists in 'commands/post.js', which explicitly logs the full Facebook 'access_token' to the console via debug statements. Furthermore, many scripts in the bundle depend on the 'commander' package, which is not declared in the 'package.json' dependencies, and the documentation contains hardcoded Windows file paths (e.g., C:\Users\OS\...), indicating the bundle was likely captured from a specific local environment without sanitization.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description match the code: the JavaScript files implement posting, scheduling, listing drafts, and test flows against graph.facebook.com. Requested capabilities (posting, scheduling, deleting) are coherent with a Facebook Pages posting skill. However, the SKILL.md and code disagree about config filenames and CLI names (SKILL.md references facebook-config.json and a Windows path, many code files read/write facebook-posting.json in the user workspace), which is inconsistent and could confuse users.
Instruction Scope
SKILL.md instructs users to place a facebook-config.json in the skill directory or shows a Windows hard-coded path (C:\Users\OS\.openclaw\workspace\facebook-config.json), but most code reads/writes facebook-posting.json from the OpenClaw workspace (resolved from HOME/USERPROFILE or OPENCLAW_WORKSPACE). CLI binary names also differ between docs and code (e.g., 'openclaw-facebook-posting' vs 'openclaw fb-post-*'). The README also explicitly warns that access tokens are stored in plain text; the code persists the token to disk without encryption. These mismatches are scope/integration errors that could cause accidental token exposure or misconfiguration.
Install Mechanism
Registry metadata lists no install spec (instruction-only), but the package includes many code files (index.js, commands/*.js, package.json). There's no provided installation script in the registry metadata — the SKILL.md suggests npm global install and linking. Because there's no automated install spec, nothing will be dropped by the platform automatically, but installing the package with npm (per the README) will write files to the environment; verify package.json and postinstall hooks before running npm install.
Credentials
The skill declares no required environment variables or primary credential, and it asks the user to supply a Facebook Page access token via the CLI (reasonable). It stores the access token in a plaintext JSON file in the user's workspace (facebook-posting.json), which is explicitly called out in the SKILL.md. The code also respects OPENCLAW_WORKSPACE if set, but that env var is not declared in metadata. Storing long-lived tokens in plaintext is disproportionate risk if users don't secure the workspace. There are no other unrelated credentials requested.
Persistence & Privilege
The skill does not request always:true or any elevated platform privileges. It does write a config file to the user workspace (normal for a CLI tool). The skill can be invoked autonomously by the agent (platform default), but that is not an additional red flag here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install facebookadvanced
  3. After installation, invoke the skill by name or use /facebookadvanced
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
- Documentation in SKILL.md reformatted for clarity; no functional changes to skill features. - No changes to commands or behavior—update only impacts documentation.
v1.0.3
OpenClaw skill for posting to Facebook Pages from the terminal to post text and images, schedule and manage posts on Facebook Pages via the Graph API using configured page credentials.
v1.0.2
**Initial public release of example-posting skill.** - Added CLI commands for posting text and images to Facebook Pages, including scheduling and post management. - Implements configuration setup, show config, and connection test commands. - Provides help and usage documentation via the `help` command. - Supports deleting posts and scheduled/deferred posts. - Organizes commands in a modular structure for easy extension.
v1.0.1
- Added _meta.json file for skill metadata. - No changes to commands or functionality.
v1.0.0
Initial release of the Facebook Posting skill for OpenClaw. - Provides a complete CLI for posting, scheduling, and managing Facebook Page content from the terminal. - Supports immediate posts, image posts, scheduled posts, drafts, and deletions. - Includes setup, configuration, post listing, and connection testing commands. - Outputs post/schedule IDs and detailed troubleshooting steps for common Facebook API errors. - Implements safety checks for destructive actions and best practices for token and privacy security.
Metadata
Slug facebookadvanced
Version 1.0.4
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 5
Frequently Asked Questions

What is Facebookadvanced?

OpenClaw skill for posting to Facebook Pages from the terminal. It is an AI Agent Skill for Claude Code / OpenClaw, with 170 downloads so far.

How do I install Facebookadvanced?

Run "/install facebookadvanced" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Facebookadvanced free?

Yes, Facebookadvanced is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Facebookadvanced support?

Facebookadvanced is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Facebookadvanced?

It is built and maintained by phuongsky (@phuongsky); the current version is v1.0.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments