Skill v1.0.0
ClawScan security
Instagram Collector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 3:39 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's behavior (it calls Apify and requires an APIFY_API_TOKEN) matches its stated purpose, but the registry metadata fails to declare the required credential and other small inconsistencies warrant caution before installing.
- Guidance
- This skill looks like a legitimate Apify-based Instagram scraper, but the SKILL.md requires an APIFY_API_TOKEN while the registry metadata does not declare any required environment variables—this mismatch is the main red flag. Before installing: 1) Confirm the publisher/source (no homepage provided) and prefer a vetted source. 2) Require the author to declare APIFY_API_TOKEN in the skill metadata (so the platform can enforce secret handling). 3) Store APIFY_API_TOKEN securely (least privilege) and ensure it can be revoked. 4) Verify the implementation of apifyService.scrapeInstagramProfile (or run in a sandbox) so you know exactly what network calls and data are transmitted. 5) Ensure logs do not leak handles or tokens (sanitize error logs). 6) Be aware that each run may incur Apify costs and rate limits; test with a low-volume account first. If the publisher cannot explain or correct the missing credential declaration, treat the skill as untrusted.
Review Dimensions
- Purpose & Capability
- concern: The SKILL.md clearly depends on the Apify Instagram Profile Scraper and therefore needs an APIFY_API_TOKEN. The registry metadata lists no required environment variables or primary credential, which is inconsistent with the stated purpose and should be corrected.
- Instruction Scope
- note: Instructions describe calling the Apify actor, polling for completion, fetching dataset results, mapping fields, and extracting hashtags — all consistent with collecting Instagram metrics. The instructions do not ask for unrelated system files or other secrets. They do log errors (including the handle), which could expose user-provided handles in logs if not sanitized.
- Install Mechanism
- ok: This is an instruction-only skill with no install script or code files, so nothing is written to disk during install. That minimizes install-time risk.
- Credentials
- concern: SKILL.md explicitly requires an APIFY_API_TOKEN (sensitive credential), but the skill metadata lists zero required env vars and no primary credential. The lack of a declared credential is a mismatch and should be fixed. Aside from Apify, no other credentials are requested.
- Persistence & Privilege
- ok: always is false, and the skill does not request persistent or system-wide privileges. Autonomous invocation is allowed (platform default), but there is no evidence the skill modifies other skill configs or requires permanent presence.
