facebook-automation

The skill is broadly consistent with its stated Facebook automation purpose and uses an apparently official Composio/Rube integration path, so it is not overt malware. Risk is still significant because it delegates Facebook OAuth and API actions to a third-party intermediary and enables public posting/commenting and possible ad-management actions by the agent.