Skill v1.0.0

ClawScan security

Instagram Reels Search API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 12:12 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill does what it says (calls JustOneAPI's Instagram reels search and only requires a JustOneAPI token), but its runtime instructions and script handle the secret insecurely (token sent on the URL query string and passed via CLI args), which can leak the token through process lists, logs, or referer headers.
Guidance
This skill appears to perform the advertised Instagram Reels search using JustOneAPI and only needs your JUST_ONE_API_TOKEN. However, the bundled script sends your token as a command-line argument and as a URL query parameter — both of which can leak the secret via process lists, CI logs, web proxies, or referer headers. Before installing or using the skill, consider:

- Avoid expanding the token into CLI args; instead modify the script (or request a patch) to read the token from the environment inside the process and send it in an Authorization header (Bearer) rather than as a query parameter.
- If you must use the provided script, run it in an isolated environment and ensure other users/processes cannot view process arguments.
- Review JustOneAPI's documentation and token scopes; create a least-privilege token and rotate it if exposed.
- Be aware the script prints full backend JSON and error payloads to stdout/stderr — this may include personally identifiable or sensitive content.

If you want, I can suggest a small code change to avoid passing the token on the command line and to send it in an Authorization header instead.

Review Dimensions

Purpose & Capability
ok
Name, description, required binary (node), and required env var (JUST_ONE_API_TOKEN) align with the included code and manifest. The skill only targets GET /api/instagram/search-reels/v1 on api.justoneapi.com and requires the keyword parameter as documented.
Instruction Scope
concern
SKILL.md and bin/run.mjs instruct running the bundled node script and supply the token with --token "$JUST_ONE_API_TOKEN"; the script places the token into the query string (parameter 'token') and then issues the request. This is functional for the stated purpose but exposes the secret in process arguments and in the URL, which can leak to other local users, system process listings, logs, web proxies, or referer headers. The instructions do advise not to paste tokens into chat/screenshots, but they still recommend an invocation pattern that exposes the token.
Install Mechanism
ok
No install spec; this is essentially an instruction file plus a helper script that runs with the node binary. No downloads or external installers are used, so nothing arbitrary is written to disk beyond the included files.
Credentials
concern
Only JUST_ONE_API_TOKEN is required, which is appropriate for an API integration. However, the way the token is consumed falls short of safe-handling best practices: the token is passed as a CLI argument and placed in the URL query string instead of being sent in an Authorization header or read from a protected input, increasing the risk of accidental exposure.
Persistence & Privilege
ok
The skill does not request persistent always-on inclusion, does not modify other skills/config, and has no install-time actions that alter agent/system state. Autonomous invocation remains enabled (default), but that is expected for skills.