Unipile Instagram Sdk

Security checks across malware telemetry and agentic risk

Overview

The skill matches its advertised Instagram automation purpose, but it enables write-capable account actions by default while also claiming read-only safety.

Review this before installing. Use it only if you trust Unipile with the connected Instagram account, set UNIPILE_PERMISSIONS=read unless you intentionally need posting or messaging, and consider a dedicated account rather than a personal main account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The documentation is internally inconsistent: it states the skill is read-only by default, but elsewhere documents the default as `read,write`. For a skill that can send DMs, create posts, and react/comment on behalf of a user, this mismatch can cause users to believe they are operating safely while the skill actually has write capability.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The CLI defaults to `read,write` permissions when `UNIPILE_PERMISSIONS` is unset, which means operators may unknowingly run a tool capable of sending messages, starting chats, commenting, reacting, or creating posts. In an agent/automation context, insecure defaults increase the chance of unintended outbound actions on a real Instagram account and violate least-privilege expectations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal