Back to skill

Security audit

Instagram Video Downloader

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it advertises, but its privacy and payment claims do not match what the code actually does.

Install only if you are comfortable sharing submitted Instagram URLs with savefbs.com and with the skill keeping a local usage counter. Do not provide Instagram credentials, private/session URLs, or sensitive links. Treat the included payment or upgrade flow cautiously because the artifacts do not show reliable payment verification or a clear unlock process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The skill explicitly claims that no user data is collected, stored, or transmitted, yet the documented workflow sends a user-provided Instagram URL to savefbs.com for processing. This is a materially misleading privacy/security statement that can cause users and agents to disclose data to a third party without informed consent, and the contradiction is made more suspicious by the prominent 'this skill is safe' language.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The script advertises payment integration, but it never verifies any payment and instead relies on a locally stored "paid" flag in a user-writable usage file. This creates a trust-boundary flaw: anyone or any local process can modify the file to unlock paid functionality, enabling fraudulent access and misrepresenting the commercial behavior of the skill.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to send user-supplied Instagram URLs to an external service but does not clearly warn users that their input and related metadata will be disclosed to a third party. In this context, the omission is security-relevant because the skill handles user content and promotes direct execution while minimizing perceived risk through reassuring but contradictory safety language.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script transmits the user-provided Instagram URL to savefbs.com, a third-party service, without any explicit disclosure or consent flow. Even if this is functionally necessary, the URL may reveal private interests, account targets, or sensitive links, creating a privacy and data-sharing risk in the context of an agent skill.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The script persistently stores usage and entitlement state in the user's home directory without clear notice. While low severity, undisclosed local tracking can surprise users, leak behavioral metadata to other local actors, and—combined with the unverified paid flag—also weakens enforcement of quota and purchase state.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.