← 返回 Skills 市场
Facebook Fanpage Inbox for Meta Business Suite
作者
PicSee Inc.
· GitHub ↗
· v1.0.0
756
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install meta-fb-inbox
功能描述
Check Facebook page inbox messages via Meta Business Suite browser automation. Use when asked to check Facebook messages, reply to FB customers, or manage Fa...
安全使用建议
This skill appears to do what it says: browser-automated reading of Meta Business Suite inboxes using an OpenClaw isolated browser profile and a local config.json. Before installing, consider: 1) You will need to log in to Facebook inside the OpenClaw isolated browser (the skill does not provide Facebook credentials). 2) Verify the README claims you care about (e.g., it says images are downloaded to ~/Downloads and that you can reply/manage labels) — the included scripts only extract chat lists and message content/URLs; sending replies or downloading images may be implemented via browser actions described in SKILL.md rather than separate scripts, so test those flows on a non-production page first. 3) Because the skill automates a logged-in browser, it can access any data visible in that session — only grant the agent autonomy if you trust it to operate without user confirmation. 4) Inspect config.json after setup and keep the skill's workspace restricted to avoid accidental exposure of page URLs. If you want higher assurance, run the setup manually and test read-only flows first (listing chats and extracting message previews) before enabling any automated reply workflows.
功能分析
Type: OpenClaw Skill
Name: meta-fb-inbox
Version: 1.0.0
The skill is classified as suspicious due to the direct execution of shell commands (`curl`) within SKILL.md to download images. The `imageUrl` for these commands is extracted from browser DOM content (specifically `img[src*="fbcdn.net"]`) by `scripts/read-messages.js`. While the script attempts to filter image sources and the `curl` command uses quoting, this pattern represents a potential vulnerability where a sophisticated attacker could potentially manipulate the `imageUrl` to download arbitrary files or attempt shell injection, even if the current implementation mitigates some risks. The presence of strong defensive instructions in SKILL.md against prompt injection and path traversal indicates security awareness, but the direct shell execution based on external content remains a notable risk.
能力评估
Purpose & Capability
Name/description align with the provided artifacts: SKILL.md, README, and scripts implement inbox listing and message extraction via browser automation. The skill does not request unrelated credentials or binaries. The setup wizard uniformly writes/reads config.json in the skill workspace, matching the documented configuration flow.
Instruction Scope
Runtime instructions limit filesystem access to the skill workspace and only read/write skills/meta-fb-inbox/config.json. Browser automation calls target business.facebook.com URLs only. The SKILL.md emphasizes using the isolated profile. Minor documentation-scope mismatch: README claims images are 'downloaded to ~/Downloads by default', but the included scripts only extract image URLs (no code that explicitly downloads files to ~/Downloads). Also README mentions replying/labels/notes features; the repository includes DOM-scraping scripts for reading/listing but does not include an explicit send/reply script (replying could nevertheless be performed via browser actions as described in SKILL.md). These are functional/documentation inconsistencies rather than evidence of exfiltration or unrelated access.
Install Mechanism
No install spec; instruction-only plus small local scripts. No downloads from external URLs, no archive extraction. This is low-risk from an install perspective.
Credentials
The skill requires no environment variables, no credentials, and no external config paths. It only stores a local config.json in its workspace. Requested access is proportional to the described capability.
Persistence & Privilege
always:false and no modifications to other skills or system-wide settings. It reads/writes only its own workspace config.json (normal). It can run autonomously by platform default, which is expected for skills that automate browser interactions; no extra privileges are requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install meta-fb-inbox - 安装完成后,直接呼叫该 Skill 的名称或使用
/meta-fb-inbox触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
meta-fb-inbox 1.0.0 – Initial Release
- Enables checking and managing Facebook page messages using Meta Business Suite browser automation.
- Supports multiple pages with custom aliases via a simple config file.
- Detailed, step-by-step instructions for setup, login handling, message listing, and chat navigation.
- Includes procedures for safe browser context management and efficient extraction of conversation URLs.
- Provides guidelines for both manual and automated (cron) message checks.
元数据
常见问题
Facebook Fanpage Inbox for Meta Business Suite 是什么?
Check Facebook page inbox messages via Meta Business Suite browser automation. Use when asked to check Facebook messages, reply to FB customers, or manage Fa... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 756 次。
如何安装 Facebook Fanpage Inbox for Meta Business Suite?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install meta-fb-inbox」即可一键安装,无需额外配置。
Facebook Fanpage Inbox for Meta Business Suite 是免费的吗?
是的,Facebook Fanpage Inbox for Meta Business Suite 完全免费(开源免费),可自由下载、安装和使用。
Facebook Fanpage Inbox for Meta Business Suite 支持哪些平台?
Facebook Fanpage Inbox for Meta Business Suite 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Facebook Fanpage Inbox for Meta Business Suite?
由 PicSee Inc.(@picseeinc)开发并维护,当前版本 v1.0.0。
推荐 Skills