Dataify Instagram Reels

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Dataify helper for submitting Instagram Reel collection jobs, with no hidden persistence or unrelated local access found.

Install only if you intend to submit Instagram Reel collection jobs to Dataify. Review the mode, URLs, date/count values, and token use before confirming a run, and save DATAIFY_API_TOKEN locally only if you are comfortable with future sessions reusing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The invocation text is very broad and matches many generic scraping or Instagram-related requests, so the skill may activate in contexts where the user did not intend this particular third-party submission flow. Misrouting user requests to a networked scraping skill can cause unintended external data transfer, credential prompts, or policy-violating collection actions.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill enables implicit invocation while its description and default prompt cover a broad set of Instagram Reel collection and troubleshooting requests, making accidental or overly eager activation plausible. Because the skill submits external Dataify tasks, unintended invocation could trigger data collection actions, API usage, or requests against user-supplied targets without sufficiently explicit user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal