Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Insta Content Engine

v1.0.0

Find trending topics, create editorial-style social media graphics, and post to X/Twitter and Instagram. Includes image generation with photographic backgrou...

by kash@ashmonmc
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The functionality (find trending content, generate images via OpenAI, and post to X/Instagram) matches the name and description. However, the package registry metadata lists no required env vars, while SKILL.md and the scripts require several secrets (OPENAI_API_KEY, BRAVE_API_KEY, IG_USERNAME/IG_PASSWORD) and external tools (bird CLI, instagrapi). That metadata mismatch is misleading.
Instruction Scope
The runtime instructions and included scripts do more than a simple 'generate-and-post' flow: they read a user OpenClaw config file (~/.openclaw/clawdbot.json) to obtain a Brave API key, write a persistent session file (~/.openclaw/ig_session.json), and construct and execute an inline Python script via the shell. The instagram-post flow inlines credentials into a python -c command string, which can expose secrets in process listings. These behaviors expand the skill's scope to the user's filesystem and to long-lived session data.
Install Mechanism
This is an instruction-only skill with bundled scripts and no install spec or remote downloads. No extra packages are automatically fetched by the skill installer itself (lowest installer risk).
Credentials
The skill legitimately needs an OpenAI key to generate images, IG credentials to post, and a Brave search key to scrape Instagram via Brave. But the registry claims no required env vars while the code expects them. Additionally, the skill reads an OpenClaw config file for keys (potentially exposing other stored secrets), persists an IG session file in the user's home directory, and inlines usernames/passwords in a shell command (exposing them to other local users via process inspection). These are disproportionate privacy and secret-handling risks if not understood.
Persistence & Privilege
The skill saves an Instagram session file at ~/.openclaw/ig_session.json and reads/writes into ~/.openclaw. That creates persistent credential/session state on disk. The skill is not configured as always: true, but its file persistence and session-saving behavior increase its long-term footprint and the impact of compromised credentials.
What to consider before installing
This skill's features align with its description, but it mishandles credentials and its metadata is misleading. Before installing:
- Expect to provide OPENAI_API_KEY, BRAVE_API_KEY, and IG_USERNAME/IG_PASSWORD (the registry incorrectly lists none). Treat these as sensitive.
- Do not run it on a multi-user or shared machine: instagram-post.js builds a python -c command that contains your username/password in the command text, which can be visible to other local users via ps / ps aux and in logs. Better approaches are to pass environment variables securely, use a temporary file with restrictive permissions, or use a proper OAuth/session flow.
- Inspect and control the ~/.openclaw directory: the skill will try to read ~/.openclaw/clawdbot.json for keys and will write ~/.openclaw/ig_session.json (containing session info). Review and remove saved session files when no longer needed, and rotate passwords if they were used.
- If you need to run this, prefer running it in an isolated VM/container, or modify instagram-post.js to invoke a short Python script file (not an inline python -c string) and avoid embedding credentials in command lines.
- Confirm you accept the OpenAI key usage (image generations incur cost) and that storing IG credentials in a script/session fits your security posture.
If you want, ask for a secure remediation checklist (minimal code edits to avoid credential exposure) or for a specific code change to reduce the risks identified.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/instagram-post.js:120
Shell command execution detected (child_process).
scripts/viral-search.js:68
Shell command execution detected (child_process).
