Instagram Scraper
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill is openly an Instagram scraper, but it promotes stealth and residential-proxy techniques to avoid bans and rate limits, with unclear login credential handling.
Review this carefully before installing or using it. The scraping purpose is clear, but the documentation encourages avoiding Instagram bans and rate limits with stealth and residential proxies. Only use it where you have permission, understand the legal and account-risk implications, and can verify the actual implementation and credential handling.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this could get the user's Instagram account or IP restricted and may enable large-scale scraping that violates site rules or privacy expectations.
The skill explicitly advertises evasion-oriented browser and proxy behavior designed to avoid Instagram blocking and rate limits, not just ordinary browser automation.
"Browser fingerprinting, human behavior simulation, and stealth scripts" ... "Automatic IP Rotation" ... "so rate-limits never stack up" ... "Scrape thousands of profiles over hours or days"
Only use with authorization and clear limits; avoid stealth scripts, IP rotation, and high-volume scraping workflows unless they are legally and contractually permitted.
A user's Instagram account could be exposed to lockouts, verification challenges, or misuse if credentials or sessions are handled poorly.
The skill appears to involve Instagram login or account verification, but the registry declares no primary credential and the documentation does not explain credential/session scope, storage, or handling.
"Login Issues" ... "Ensure credentials are correct" ... "Handle verification codes when prompted"
Clarify whether login is required, how credentials and sessions are stored, and what account permissions are used; prefer a dedicated account and avoid sharing passwords with unreviewed tooling.
The user cannot verify what implementation would actually run if they obtain the missing scraper code elsewhere.
The package cannot be reviewed as a runnable scraper from the supplied artifacts, even though SKILL.md describes Python/Playwright-based commands and browser automation.
"Source: unknown"; "No install spec — this is an instruction-only skill"; "No code files present"
Install only from a trusted, inspectable source with pinned dependencies and reviewed code matching the documented behavior.
Public profile data and images may remain on disk and could be reused, shared, or retained longer than intended.
The skill discloses persistent local storage of scraped profile information, images, queues, and exports.
"Scraped data": "data/output/{username}.json"; "Thumbnails": "thumbnails/{username}/profile_*.jpg"; "Export files": "data/export_{timestamp}.json", "data/export_{timestamp}.csv"Review output folders, set retention limits, and avoid collecting or retaining more profile data than necessary.