Instagram Api
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its Instagram/Threads posting purpose, but the Threads script runs an undeclared helper from an author's local path before publishing.
Review before installing. If you use it, assume selected media is uploaded to Imgur as a public URL, confirm every caption and media file before posting, store tokens carefully, and avoid the Threads script until the undeclared `/Users/tomas/.../clean_md.py` dependency is fixed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors reported this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
On a machine without that helper at that exact path, Threads posting fails or proceeds with whatever the failed substitution leaves in the caption, depending on how the script handles the error; on a machine where the path does exist, the script runs code that was not part of the reviewed package before publishing content.
The script executes a Python helper from an absolute, author-specific path that is not included in the manifest or described in SKILL.md.
CAPTION=$(python3 /Users/tomas/.openclaw/workspace/scripts/utils/clean_md.py --threads < "$CAPTION_FILE")
Do not use the Threads script until this helper is bundled and reviewed, replaced with inline code, or removed; avoid absolute paths to an author's local workspace.
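As an added check (not the skill's or ClawScan's code), the following shell preflight greps a package's scripts for references into a user's home area (`/Users/`, `/home/`, `$HOME/`, `~/`), which is the pattern behind the undeclared helper above, and fails if any are found. The function names `find_external_refs` and `make_sample_skill` are ours, and the sample package it builds is constructed here to reproduce the quoted line.

```shell
#!/bin/sh
# Added example, not part of the reviewed skill: refuse to run a skill whose
# scripts reach outside the package into someone's home directory.

# Print every matching line as path:line:text. Returns 1 if anything was found
# (treat that as "review before running"), 0 if the package is self-contained.
find_external_refs() {
    local skill_dir="$1" pattern
    # Home-area references, whether written absolutely or via $HOME / ~.
    pattern='(/Users/|/home/|\$HOME/|~/)'
    if grep -rnHE --include='*.sh' --include='*.py' "$pattern" "$skill_dir"; then
        return 1
    fi
    return 0
}

# Build a throwaway package (constructed sample) with one script that hard-codes
# an author-specific helper path and one that resolves the helper relative to itself.
make_sample_skill() {
    local dir
    dir=$(mktemp -d)
    mkdir -p "$dir/scripts/utils"
    cat > "$dir/scripts/threads_post.sh" <<'EOF'
#!/usr/bin/env bash
CAPTION_FILE="$1"
CAPTION=$(python3 /Users/tomas/.openclaw/workspace/scripts/utils/clean_md.py --threads < "$CAPTION_FILE")
printf '%s\n' "$CAPTION"
EOF
    cat > "$dir/scripts/threads_post_fixed.sh" <<'EOF'
#!/usr/bin/env bash
# Same helper, but bundled with the skill and located relative to this script.
CAPTION=$(python3 "$(dirname "$0")/utils/clean_md.py" --threads < "$1")
printf '%s\n' "$CAPTION"
EOF
    printf '%s\n' "$dir"
}

# Demo: the unfixed script is reported, the relative one is not.
sample=$(make_sample_skill)
if find_external_refs "$sample"; then
    echo "OK: no out-of-package references in $sample"
else
    echo "REVIEW: the lines above reference paths outside the package" >&2
fi
rm -rf "$sample"
```

Run it against an unpacked skill directory before installing; a hit on a `~/` path is also how the `.env` sourcing in the last finding would surface.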
A mistaken invocation can publish content publicly and create a public Imgur-hosted copy of the media.
When invoked, the script uploads the selected media to Imgur and then calls Meta's publish endpoint. This is expected for the skill, but it is an external upload plus a public account mutation.
"https://api.imgur.com/3/image" ... Request(f"{api}/{ig_id}/media_publish", data=params)
Only run the scripts with final, approved media and captions; consider adding an explicit confirmation or dry-run step before publish.
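One way to add that confirmation or dry-run step, written here as an added example rather than the skill's own script: a gate function that validates the media and caption, prints exactly what would be uploaded and posted, and only returns success when the operator opted in. The function name `publish_guard`, the exit codes, and the 2200-character caption ceiling are our assumptions; the upload and `media_publish` calls themselves are left to the posting script and must come after the gate.

```shell
#!/bin/sh
# Added example, not the skill's code: gate the Imgur upload and Meta publish
# calls behind a dry run or an explicit "yes".

CAPTION_LIMIT="${CAPTION_LIMIT:-2200}"   # assumed ceiling; adjust to the target platform

# publish_guard MEDIA CAPTION_FILE [dry-run|confirm|yes]
#   0  publishing may proceed (mode "yes", or "confirm" answered with "yes")
#   1  validation failed (missing file, empty or over-long caption, bad mode)
#   2  dry run: plan printed, nothing uploaded or published
#   3  confirmation declined
publish_guard() {
    local media="$1" caption_file="$2" mode="${3:-dry-run}" caption len size answer
    [ -f "$media" ]        || { echo "media file not found: $media" >&2; return 1; }
    [ -f "$caption_file" ] || { echo "caption file not found: $caption_file" >&2; return 1; }
    caption=$(cat "$caption_file")
    [ -n "$caption" ] || { echo "refusing to publish an empty caption" >&2; return 1; }
    len=$(( $(printf '%s' "$caption" | wc -m) ))
    [ "$len" -le "$CAPTION_LIMIT" ] || { echo "caption is $len chars, limit $CAPTION_LIMIT" >&2; return 1; }
    size=$(( $(wc -c < "$media") ))
    # Show the operator precisely what becomes public before anything leaves the machine.
    printf 'PLAN: upload %s (%s bytes) to Imgur, then publish it with this caption:\n---\n%s\n---\n' \
        "$media" "$size" "$caption"
    case "$mode" in
        dry-run) echo "dry run: nothing uploaded or published"; return 2 ;;
        yes)     return 0 ;;
        confirm)
            printf 'Type "yes" to publish publicly: '
            read -r answer
            [ "$answer" = yes ] && return 0
            echo "declined; nothing published" >&2
            return 3 ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
}

# In the posting script, every network call sits behind the gate:
#   publish_guard "$MEDIA" "$CAPTION_FILE" "${PUBLISH_MODE:-dry-run}" || exit $?
#   ... only then the Imgur upload and the media_publish request ...

# Demo with constructed files: default mode is a dry run.
demo=$(mktemp -d)
printf 'not really a jpeg' > "$demo/post.jpg"
printf 'Final caption, reviewed.' > "$demo/caption.txt"
publish_guard "$demo/post.jpg" "$demo/caption.txt"
rm -rf "$demo"
```

Defaulting to dry-run means an agent that calls the script without the opt-in argument gets a preview and a non-zero exit instead of a public post.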
Anyone or any agent process with these tokens can post through the connected accounts within the token's permissions.
The skill requires account tokens and IDs to publish to Instagram and optionally Threads. This is purpose-aligned, but the registry metadata lists no required env vars or primary credential.
requires_env:
 - INSTAGRAM_ACCESS_TOKEN
 - INSTAGRAM_BUSINESS_ACCOUNT_ID
 - IMGUR_CLIENT_ID
Use least-privileged tokens, store them securely, revoke them when no longer needed, and treat the registry credential metadata as incomplete.
If the local .env file is modified by something untrusted, running the script could execute unintended shell commands.
The Threads script shell-sources the local .env file. This is a common credential-loading pattern, but sourcing executes the file as shell code, so any command, command substitution such as `$(...)`, or trailing `; ...` present in it runs with the script's privileges.
if [ -f ~/.openclaw/.env ]; then source ~/.openclaw/.env; fi
Keep `~/.openclaw/.env` private (owner-only permissions), limit its contents to plain `KEY=value` or `export KEY=value` lines, and avoid sourcing environment files you do not control.
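The safer alternative to `source` is to parse the file as data. The loader below is an added example, not the skill's code: it refuses files readable by anyone but the owner, validates every line before exporting any of them, and rejects values carrying shell metacharacters, so a planted `$(...)` never executes. The helper names `env_line_ok` and `load_env_file`, the exit codes, and the sample `.env` contents are ours.

```shell
#!/bin/sh
# Added example, not part of the skill: load KEY=value pairs from a .env file
# without ever evaluating it as shell.

# Accept one line of the form KEY=value or export KEY=value: KEY must be a shell
# identifier, and value must contain nothing the shell would expand or run.
# Quoted literals with a $ inside are rejected too; strict is the point.
env_line_ok() {
    local line="$1" key value
    line="${line#export }"
    case "$line" in
        *=*) ;;
        *) return 1 ;;
    esac
    key="${line%%=*}"
    value="${line#*=}"
    printf '%s' "$key" | grep -qE '^[A-Za-z_][A-Za-z0-9_]*$' || return 1
    case "$value" in
        *'$'*|*'`'*|*';'*|*'|'*|*'&'*|*'('*|*'<'*|*'>'*) return 1 ;;
    esac
    return 0
}

# load_env_file FILE: 0 loaded (or no file), 1 bad permissions, 2 unsafe line.
# Two passes: nothing is exported unless every line passes validation.
load_env_file() {
    local file="$1" mode line key value
    [ -f "$file" ] || return 0
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        *00) ;;   # 600, 400, 700: no group or world bits
        *) echo "refusing $file: mode $mode grants access beyond the owner" >&2; return 1 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        env_line_ok "$line" || { echo "refusing $file: unsafe line: $line" >&2; return 2; }
    done < "$file"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        line="${line#export }"
        key="${line%%=*}"
        value="${line#*=}"
        # Strip one layer of matching quotes, as a sourced assignment would.
        case "$value" in
            \"*\") value="${value#\"}"; value="${value%\"}" ;;
            \'*\') value="${value#\'}"; value="${value%\'}" ;;
        esac
        export "$key=$value"
    done < "$file"
}

# Drop-in for the quoted line:  load_env_file "$HOME/.openclaw/.env" || exit $?

# Demo with constructed files: a clean file loads, a tampered one is refused and
# its planted command never runs.
demo=$(mktemp -d)
printf 'INSTAGRAM_ACCESS_TOKEN=EAAB-example\nexport IMGUR_CLIENT_ID="c0ffee"\n' > "$demo/ok.env"
chmod 600 "$demo/ok.env"
load_env_file "$demo/ok.env" && echo "loaded IMGUR_CLIENT_ID=$IMGUR_CLIENT_ID"
printf 'INSTAGRAM_ACCESS_TOKEN=x\nHELPER=$(touch %s/pwned)\n' "$demo" > "$demo/planted.env"
chmod 600 "$demo/planted.env"
load_env_file "$demo/planted.env" || echo "refused, pwned exists: $([ -e "$demo/pwned" ] && echo yes || echo no)"
rm -rf "$demo"
```

The permission check is deliberately coarse: a token file that anyone else on the machine can read or write is a problem before the question of sourcing even arises.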
