That demand sort of tells me FB is "reaching" too much and may not have much teeth.
In the recent 2020 ruling for VAN BUREN v. UNITED STATES, Supreme Court states that:
> "An individual “exceeds authorized access” when he accesses a com- puter with authorization but then obtains information located in par- ticular areas of the computer—such as files, folders, or databases— that are off-limits to him."
To me this means that as long as OP's extension is only doing stuff which their authorized cookie/token etc is authorized to do, they should be fine. Also it's not the OP who's doing these actions, it's the end user who's using the extension to achieve authorized activity. So I don't see how OP's extension is in the wrong.
Only valid claim FB might have is about using trademarked data and any data collection maybe. But the end user using the extension to perform authorized actions (even if automated) should be okay imo.
