Instagram API

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Instagram lookup wrapper, with the main caution that its JustOneAPI token is sent in URL query parameters.

Install only if you trust JustOneAPI and are comfortable sending Instagram usernames, post codes, hashtags, search terms, and your JustOneAPI token to that service. Use a scoped or low-risk token if available, avoid logging full request URLs, rotate the token if it may have appeared in logs, and handle retrieved social-media content according to privacy, copyright, platform, and organizational rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The top-level description claims the skill covers only profile, post details, and published posts, but the manifest also includes hashtag search and reels search. This mismatch can cause users or higher-level agents to authorize broader data collection than they intended, reducing transparency about external actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly enables retrieval of Instagram profile details, posts, reels, and related metadata from an external service, but it does not clearly warn users about the privacy implications of collecting and surfacing third-party social media content and account metadata. This can lead users to unknowingly process personal or sensitive profile data, especially in auditing, influencer vetting, or monitoring use cases.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill sends the API access token as a URL query parameter, which can be exposed through logs, browser/history equivalents, intermediary proxies, analytics systems, and error reporting. In this skill context, every operation requires the token and `applyQueryParams` appends it directly to the URL, making credential leakage systemic across all requests.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The skill and operation descriptions are broad and lack clear trigger boundaries, exclusions, or examples of when not to invoke them. In an agent setting, ambiguous descriptions can lead to over-broad activation and unnecessary transmission of user-supplied identifiers or search terms to the external API.

Missing User Warnings

High
Confidence
98% confidence
Finding
The manifest requires an API access token to be supplied as a query parameter, which is a sensitive credential-handling pattern because query strings are commonly logged by clients, proxies, gateways, and server infrastructure. The absence of an explicit warning or safer auth scheme increases the chance of credential exposure and reuse by unauthorized parties.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The manifest describes multiple operations that retrieve Instagram profile, post, and search data from a third-party service but does not provide a privacy or external-transmission warning. This can mislead users about where their requested usernames, hashtags, and tokens are being sent, undermining informed consent and safe use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The operation requires users to send an access token to an external API service, but the documentation does not clearly disclose credential handling, storage, or trust boundaries. This can cause users or integrators to expose sensitive API credentials without understanding that they are being transmitted to a third party.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The description explicitly promotes archiving copied post content and media assets without warning about retention, copyright, privacy, or downstream storage risks. That increases the chance that users will collect and persist third-party content in ways that create legal, privacy, or data-handling exposure.

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API service.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
97% confidence
Finding
Access token

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API service.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
97% confidence
Finding
Access token

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API service.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
97% confidence
Finding
Access token

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API service.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
97% confidence
Finding
Access token

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API service.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
97% confidence
Finding
Access token

VirusTotal

66/66 vendors flagged this skill as clean.
