Instagram Caption

Security checks across malware telemetry and agentic risk

Overview

This is a local Instagram content logging helper with disclosed plaintext storage and no evidence of network access, credential use, hidden execution, or destructive behavior.

Install only if you are comfortable with Instagram drafts, campaign notes, schedules, and hashtags being saved in plaintext under ~/.local/share/instagram-caption and included in local exports. Do not enter secrets, credentials, confidential client material, or unreleased business-sensitive copy unless that local retention model is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The skill is presented primarily as an Instagram content generator, but its documented behavior also includes persistent local logging, unified history, search, export, and status reporting over stored user content. This creates a transparency and data-handling risk: users may provide sensitive drafts, schedules, campaign details, or personal notes expecting transient generation, while the skill retains them in plain text and makes them easy to enumerate and export.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill metadata promises Instagram content generation and optimization, but the script mainly records user inputs, displays prior entries, and exports stored logs. This mismatch is dangerous because users may disclose drafts, campaign ideas, or account-related text under the assumption the tool is performing content generation, when it is instead building a persistent local corpus of their data.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The script creates a persistent data directory and centralized history log for all user activity, then provides search and export workflows that are broader than needed for a simple caption-writing helper. In a skill context, collecting and retaining all prompts without clear necessity increases exposure of sensitive marketing plans, unpublished copy, or personal data entered by users.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: User-supplied caption text is written directly to persistent log files with no warning that the content will be retained. This is risky because users may enter confidential campaign copy, customer information, or unpublished announcements, which then remain on disk and may be readable by other local processes or future users of the account.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The export function aggregates all stored activity into a single file, which materially increases the blast radius of any local disclosure. Even though the export path is local, bundling all prior user inputs into one artifact makes accidental sharing, backup leakage, or misuse by another local user much more damaging.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The combination of persistent logging plus search, recent, status, and export commands enables broad re-exposure of previously entered content far beyond the immediate command invocation. In the context of a content-writing skill, this expands access to stored user material without a strong functional need, increasing the chance of confidentiality loss through shoulder surfing, shared terminals, exported files, or local compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal