ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Instagram Strategic Analyzer

v1.0.0

Analyzes artist profiles to generate Instagram post ideas, storytelling concepts, captions, and content strategies for musical branding.

0· 112·0 current·0 all-time
by@ilprato

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ilprato/instagram-strategic-analyzer.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Instagram Strategic Analyzer" (ilprato/instagram-strategic-analyzer) from ClawHub.
Skill page: https://clawhub.ai/ilprato/instagram-strategic-analyzer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install ilprato/instagram-strategic-analyzer

ClawHub CLI

Package manager switcher

npx clawhub@latest install instagram-strategic-analyzer
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (generate Instagram content strategy) matches the prompts and SKILL.md. However, config.json declares type: "api-agent", inputs instagram_id and access_token and a Facebook Graph API base_url — which suggests the skill will fetch data from Instagram — while the skill's manifest and requirement list declare no required env/credentials. This is an internal inconsistency: either it needs API credentials or it expects input data to be supplied externally.
Instruction Scope
SKILL.md and prompt.md instruct the agent to analyze profile data and the last 10 posts (captions, engagement). They do not tell the agent to read unrelated files or env vars, nor to transmit data to unexpected endpoints. But prompt.md assumes the agent will 'receive' profile data; there are no instructions for how the skill should obtain that data (manual user input vs. Graph API). That ambiguity grants broad discretion and should be clarified.
Install Mechanism
No install spec is present and the skill is instruction/code-only. Nothing will be downloaded or written during install according to the provided metadata.
Credentials
The skill does not declare required environment variables and the registry metadata lists none. Yet config.json lists instagram_id and access_token as inputs and a Graph API base_url — implying it may require Instagram/Facebook credentials to function. index.js as provided does not use these inputs. This mismatch means the skill may later be changed to request sensitive credentials; do not provide access tokens without confirmation of how they will be used/stored.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request persistent system privileges or claim to modify other skills or system settings.
What to consider before installing
This skill looks like a mostly harmless, creative Instagram analysis tool, but its files are inconsistent: config.json hints at automatic Graph API access (instagram_id + access_token), while the actual code (index.js) is a no-op returning a static Italian message and the SKILL.md/prompt expect profile data to be provided. Before installing or supplying any real credentials: 1) Ask the author/source to explain whether the skill will fetch data from the Facebook/Instagram API or only operate on user-provided data. 2) Do not provide access tokens or passwords until you see code that securely uses/stores them (and a trusted source/homepage). 3) Request the full implementation or test with dummy data to confirm behavior. 4) Prefer skills from a verifiable homepage or owner; this skill's source is unknown. These inconsistencies look like sloppy/incomplete engineering rather than overt malice, but they raise a real privacy risk if someone later updates the skill to use the access_token without clear disclosure.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ch5ys1p50jxj7ezy77v4bjh85444w
112downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@ilprato
latest
Download

Instagram Strategic Analyzer

Description

AI skill that analyzes an artist profile and generates Instagram content strategies.

Purpose

Designed for Il Prato, a musical artist, to:

  • Generate post ideas
  • Create storytelling concepts
  • Suggest content strategies
  • Support artistic branding on Instagram

Inputs

  • Text describing artist context or post idea

Outputs

  • Content ideas
  • Captions
  • Strategy suggestions
  • Creative direction

Notes

Optimized for emotional, narrative-driven musical content.

Comments

Loading comments...