instagram-publish
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken invocation could publish unwanted content to a connected Instagram account.
The skill can cause a real Instagram post to be created. This matches the stated purpose, but public posting is high-impact if the wrong media, caption, or account is used.
This skill enables publishing content to Instagram via the MyBrandMetrics API.
Before running the script, confirm the account/connection ID, exact caption, media list, and whether a Reel should be shared to feed.
Anyone or any agent action with these values may be able to publish through the configured account.
These credentials and identifiers delegate authority to publish through the connected Instagram/MyBrandMetrics account.
`--api-key`: MyBrandMetrics API Key (check `TOOLS.md` for current key) - `--connection-id`: Instagram Connection ID - `--account-id`: MyBrandMetrics Account ID
Keep the API key out of shared chats/logs, verify the account IDs before posting, and rotate the key if it is accidentally exposed.
Users have less external context for verifying who maintains the skill or whether the MyBrandMetrics endpoint is the intended provider.
No automatic installer is present, but the package provenance is not identified, which matters for a skill that receives publishing credentials.
Source: unknown Homepage: none No install spec — this is an instruction-only skill.
Review the included script and verify the MyBrandMetrics API relationship before providing credentials.