ClawHub

Dataify Instagram Profiles

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Dataify helper that submits Instagram profile collection jobs only to the expected Dataify endpoint using a user-provided or saved API token.

Install only if you intend to use Dataify to create Instagram profile collection tasks. Review the target usernames or profile URLs before submitting, and save DATAIFY_API_TOKEN locally only if you are comfortable letting future runs reuse that token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger text is broad enough to activate on generic requests about task status, token configuration, or troubleshooting, not just intentional Instagram profile collection. That can cause the wrong skill to engage and potentially use a stored API token or initiate external actions in contexts where the user did not clearly request this specific integration. Overbroad invocation is a security boundary issue because it increases the chance of unintended tool use.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill enables implicit invocation globally, but the manifest shown does not define tight trigger constraints, exclusions, or user-confirmation boundaries. In a data-collection skill that submits external scraping tasks, this increases the chance of accidental or overly broad activation from ambiguous user requests, which could lead to unintended third-party requests and collection actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal