insta-post

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for Instagram posting, but it can publish to a logged-in account automatically, so it needs careful review before use.

Install only if you are comfortable letting an agent control a logged-in Instagram tab and publish real posts. Before each run, explicitly verify the target account, selected media paths, caption, and collaborators, and do not allow unattended posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding
The skill description understates important operational behavior: it relies on a live logged-in Instagram session via a local browser debugging endpoint and can publish content to a real account. That mismatch is dangerous because users or orchestrators may invoke the skill without understanding it can directly control an authenticated browser session and perform irreversible posting actions.

Vague Triggers

Medium
Confidence: 82%
Finding
The invocation description is broad enough to match common requests about Instagram content creation or uploads, increasing the chance of accidental activation. In this context, accidental invocation is meaningful because the skill can drive a logged-in browser and publish to a live social-media account.

Missing User Warnings

High
Confidence: 96%
Finding
The documentation does not clearly warn that the skill will act through an already authenticated Instagram session and may publish content immediately to a live account. This is dangerous because users may assume a draft or sandbox flow, while the skill's actual behavior can cause unintended public posting, reputational harm, or account misuse.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script performs the final Instagram share action automatically once invoked, with no explicit confirmation gate immediately before publication. In the context of a live authenticated browser session, this can cause unintended public posting if the caption, selected media, or target state is wrong, making the action irreversible or difficult to fully undo.

VirusTotal

66/66 vendors flagged this skill as clean.
