auto-reply

v1.0.0

Instagram DM auto-reply system. DM monitoring, reading, replying, security check (injection rejection). Use when checking Instagram DMs, reading unread messa...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code implements an Instagram DM monitor and auto-reply flow that matches the description: it extracts cookies from a running browser via CDP, calls Instagram internal APIs, writes state/alert files, and exposes read/reply/check commands. That functionality is coherent with the stated purpose. However, the skill claims no required credentials/env but the code optionally uses environment variables (DISCORD_TOKEN, OWNER_DISCORD_ID, OPENCLAW_GATEWAY, BROWSER_PORT) which are not declared in the metadata — this mismatch reduces transparency.
Instruction Scope
SKILL.md tells you to run node scripts, which is expected, but the scripts do more than simple CLI calls: they connect to a local browser CDP endpoint and extract Instagram cookies (session tokens) and then call Instagram's internal endpoints. The watcher also writes dm-alert.json and dm-state.json to disk and can POST message previews to Discord if a bot token is present. The SKILL.md mentions Discord notifications in places but does not declare the required Discord credentials; the scripts access env vars that were not declared. Reading browser cookies and forwarding message previews to external services is a scope that should be explicitly documented and consented to.
Install Mechanism
This is an instruction-only skill (no install spec). It does include Node.js scripts and recommends the global 'ws' package; the lack of an install step keeps risk lower than an arbitrary download/install. The user still needs to install 'ws' and run Node scripts locally.
Credentials
The skill metadata declares no required env vars or primary credential, but the code reads several environment variables if present: BROWSER_PORT (optional), DISCORD_TOKEN and OWNER_DISCORD_ID (to notify via Discord), and OPENCLAW_GATEWAY (defined but not used). Extracting cookies from the browser (csrftoken, ds_user_id) is necessary to operate but is highly sensitive — those session cookies effectively let the tool act as your Instagram user. The optional Discord behavior will send message previews out of your environment if a Bot token is configured. These environment/credential accesses are not fully documented in the metadata and thus are disproportionate to the declared 'none'.
Persistence & Privilege
The skill does not set always:true and does not modify other skills. It writes local files (dm-alert.json, dm-state.json) in its directory for state/alerting and can be run as a daemon or via cron; that persistence is expected for a watcher. Nothing in the code appears to elevate system privileges or alter other skills' configurations.
What to consider before installing
This skill will extract Instagram session cookies from a running browser via the Chrome DevTools Protocol and use them to call Instagram's internal APIs — that is required for it to read and reply to DMs but is sensitive because those cookies let the tool act as your account. The scripts can also send message previews to Discord if you set DISCORD_TOKEN and OWNER_DISCORD_ID (these env vars are used but not declared in the skill metadata). Before installing or running: (1) review and trust the author/source of the code; (2) run the scripts in an isolated environment or non-critical account if you want to test; (3) do not provide a Discord bot token unless you intentionally want message previews sent externally; (4) be aware that dm-alert.json and dm-state.json will contain message content on disk; (5) if you need full assurance, audit the v2.js cookie-extraction and igRequest code paths and confirm there are no additional outbound endpoints beyond instagram.com and optional discord.com. If you want to proceed, add explicit environment constraints and only enable external notifications consciously.


latestvk971x8qhzj872tp69afh48wxvs817gmm
