Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

insta-post

v1.0.1

Upload Instagram posts via browser automation. Use when uploading images to Instagram, creating Instagram posts, or automating Instagram content publishing....

0· 681·3 current·3 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description claim browser-based Instagram uploads, and the included script (scripts/post.js) implements that by connecting to a local CDP endpoint (default 127.0.0.1:18800) and driving the Instagram UI, which is coherent. However, SKILL.md references OpenClaw browser tool commands and a Quick Upload command that runs node on 'scripts/post.sh' (a mismatched filename/extension). Also, no Node/npm dependencies are declared even though the script requires puppeteer-core and commander. These inconsistencies reduce confidence in the package hygiene.
Instruction Scope
SKILL.md instructs using the OpenClaw browser snapshot/upload tooling and the workspace TOOLS.md for collaborators; the script instead uses puppeteer-core to connect to the local CDP endpoint and performs DOM clicks and uploads. The instructions do not ask for unrelated files or secrets, but they do require and will use a logged-in browser session (i.e., the skill acts as whatever account is logged in). The mismatched command (post.sh vs post.js) and the gap between guidance and implementation grant broad discretion to the agent/operator and may cause accidental actions if UI selectors click unexpected elements.
Install Mechanism
No install spec is provided (instruction-only style), yet the repository includes a runnable Node script. The script depends on npm packages (puppeteer-core, commander) that the skill neither declares nor installs; users must install dependencies themselves. This is not inherently malicious, but it is fragile and increases the risk of misconfiguration or of running outdated or unreviewed dependencies.
Credentials
The skill requests no credentials or sensitive environment variables. It optionally reads BROWSER_PORT from the environment (default 18800). It does require local filesystem access to image files and access to a local browser debugging endpoint; both are appropriate for the stated purpose. Note: because it drives whatever browser session is active, it effectively uses the Instagram authentication already present in that browser tab.
Persistence & Privilege
The always flag is false, and there is no install-time persistence or modification of other skills or system-wide configs. The skill does run actions within a logged-in browser session, which is expected for a posting tool, but it does not request elevated or persistent platform privileges.
What to consider before installing
- Functionality: The script automates an Instagram post by connecting to your local OpenClaw browser CDP endpoint (default 127.0.0.1:18800). It will act as the currently logged-in browser user; if that session is logged into your Instagram account it can publish on your behalf.
- Inconsistencies: SKILL.md shows a Quick Upload command calling 'scripts/post.sh', but the package contains scripts/post.js. The README/installation does not list the required npm packages (puppeteer-core, commander). Expect to install dependencies manually and verify the correct command before running.
- Risk surface: No external endpoints or secret env vars are requested, but because the skill drives your browser it can interact with any open tabs or UI elements if selectors mis-target. Test in a controlled environment (e.g., a disposable/test Instagram account and a test browser profile) before using it with your primary account.
- Operational safety: Inspect the script, then run it locally. Ensure OpenClaw/the browser is bound to localhost and the port is correct. Avoid running it on a machine with other sensitive logged-in sessions. Check console output for any unexpected network endpoints or logs before giving it broader use.
- What would increase trust: a corrected SKILL.md (accurate run command), a package.json listing explicit dependencies and versions, an install spec or instructions, and clearer owner/contact info. For higher assurance, request a checksummed release or a source provenance link (GitHub repo/release) and a short changelog.
