Instagram Scraper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Instagram scraper, but it promotes large-scale scraping with stealth and residential proxies, so it should be reviewed carefully before use.

Install only if you are authorized to collect the Instagram data and accept the legal, platform, account, IP, privacy, and data-retention risks. Review the actual scraper code before running it, use minimal credentials, avoid anti-detection and proxy rotation unless clearly permitted, set conservative rate and volume limits, and delete scraped data and thumbnails when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly enables large-scale Instagram profile discovery, scraping, thumbnail downloading, and data export, but provides no warning or guardrails around privacy, consent, platform terms, or lawful handling of collected personal data. In context, this omission is meaningful because the skill also promotes stealth techniques, anti-detection measures, and residential proxies, which increases the likelihood of abusive or non-consensual data collection.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal