fb-video-downloader Security Report — Trusted | ClawSafe

5 /100

fb-video-downloader

Download Facebook videos, Reels, and Stories in HD quality using savefbs.com API

A legitimate Facebook video downloader that acts as a bridge to savefbs.com API with documented pricing. No malicious behavior observed - all network operations match declared intent.

Skill Namefb-video-downloader

Duration34.7s

Enginepi

✓

Safe to install

No action required. The skill performs exactly as documented with no hidden functionality.

Findings 1 items

Severity	Finding	Location
Low	Implicit dependency on requests library Supply Chain The Python script imports 'requests' but there is no requirements.txt or equivalent dependency file to pin versions. While requests is a standard library in many environments, explicit pinning would improve supply chain hygiene. `import requests` → Add a requirements.txt with 'requests>=2.28.0' to pin the dependency version.	`scripts/fetch_fb_video.py:7`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✓ Aligned	Writes usage.json to ~/.openclaw/skills/fb-video-downloader/ for quota tracking …
Network	`READ`	`READ`	✓ Aligned	POSTs to savefbs.com/api/v1/aio/search as declared in SKILL.md

5 findings

🔗

Medium External URL 外部 URL

https://savefbs.com

SKILL.md:8

🔗

Medium External URL 外部 URL

https://savefbs.com/pricing

SKILL.md:18

🔗

Medium External URL 外部 URL

https://www.facebook.com/watch?v=123456789

SKILL.md:59

💰

Medium Wallet Address 加密货币钱包地址

0xA4195EeFF370c003C5C775BE4C3f350022666305

scripts/fetch_fb_video.py:23

🔗

Medium External URL 外部 URL

https://pay.request.network/

scripts/fetch_fb_video.py:24

File Tree

2 files · 10.1 KB · 332 lines

Python 1f · 209L Markdown 1f · 123L

├─ ▾ 📁 scripts

│ └─ 🐍 fetch_fb_video.py Python 209L · 6.5 KB

└─ 📝 SKILL.md Markdown 123L · 3.5 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`requests`	`unpinned`	implicit import	No	No requirements.txt - version not pinned

Security Positives

✓ SKILL.md accurately describes all functionality - no doc-to-code mismatch

✓ No credential harvesting or environment variable access for secrets

✓ No obfuscation techniques (base64, eval, dynamic code loading)

✓ No network IOCs to suspicious destinations beyond declared savefbs.com

✓ Usage tracking is local-only and non-sensitive (download counts only)

✓ No reverse shell, C2, or persistence mechanisms

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

Scan Report

Findings 1 items

File Tree

Dependencies 1 items

Security Positives