Security audit

Instagram Place Posts

Security checks across malware telemetry and agentic risk

Overview

This skill is a location-post scraper that mostly matches its stated purpose, but it uses a logged-in Instagram session, internal APIs, and anti-detection throughput guidance that users should review carefully.

Install only if you are comfortable with an agent using your logged-in Instagram browser session to call internal Instagram APIs and scrape paginated location posts. Avoid using the stealth multi-session throughput guidance, review any generated bash scripts before running them, and delete or monitor the local memory file if you do not want execution notes retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium (96% confidence)

Finding: The guidance to use multiple stealth browser sessions with independent fingerprints is an evasion tactic designed to increase scraping throughput while reducing detection by anti-abuse controls. That behavior goes beyond ordinary place-post retrieval and materially increases the skill's utility for large-scale unauthorized collection.

Intent-Code Divergence

High (98% confidence)

Finding: The skill claims it only reads data already displayed to the user, but it actually directs use of internal authenticated APIs with cursor pagination. That mismatch is deceptive because it minimizes perceived risk while enabling deeper automated extraction from authenticated context.

Missing User Warnings

Medium (88% confidence)

Finding: The skill instructs the agent to write and execute bash scripts for batch processing without clearly warning about shell execution and file modification risks. This increases the chance of unintended command execution, local side effects, and unsafe automation, especially if parameters are later incorporated unsafely.

Missing User Warnings

Medium (93% confidence)

Finding: The skill directs appending execution notes to a local memory file but does not clearly disclose that it will persist data on disk. Undisclosed persistence can create privacy, forensic, and data-retention issues, particularly when the notes may capture operational details from authenticated scraping sessions.

Missing User Warnings

Medium (95% confidence)

Finding: The script generates JavaScript that reads the browser's Instagram CSRF token from cookies and uses the current logged-in session context to make an authenticated request to a private Instagram API endpoint. Even though it targets Instagram itself rather than a third-party host, it performs account-context actions and extracts data without any explicit user consent, disclosure, or guardrails, which is risky for an agent skill handling potentially untrusted inputs.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.