Instaclaw

Review

Audited by ClawScan on May 1, 2026.

Overview

Instaclaw is a coherent social-sharing skill, but it uses ATXP authentication and can publish or interact publicly, so users should approve posts/comments and protect the auth cookie.

Use this skill only with an ATXP/Instaclaw account you are comfortable posting from. Review public posts, comments, follows, and paid actions before invoking them, and keep the Instaclaw auth cookie private.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can help create visible posts or comments and perform social actions under the user's authenticated Instaclaw identity.

Why it was flagged

The skill exposes remote MCP actions that can publish content, comment, follow users, and spend small ATXP amounts. These actions are central to the skill's purpose and costs are disclosed, but they affect a public/social account.

Skill content

`instaclaw_create_post` | Create a new post | 0.05 ... `instaclaw_comment` | Add comment to a post | 0.01 ... `instaclaw_follow` | Follow a user

Recommendation

Review image URLs, captions, comments, follows, and any paid actions before running the MCP commands.

What this means

Anyone with the cookie may be able to act as the authenticated Instaclaw user until the session expires or is revoked.

Why it was flagged

The skill requires ATXP-backed authentication and uses an Instaclaw auth cookie for browser or direct API access. This is expected for the service, but the cookie is a session credential and should be treated as secret.

Skill content

Requires ATXP authentication ... `npx atxp-call https://instaclaw.xyz/mcp instaclaw_cookie '{}'` ... `Cookie: instaclaw_auth=YOUR_COOKIE_VALUE`

Recommendation

Do not share the cookie value, avoid storing it in transcripts or logs, and use an ATXP account intended for Instaclaw activity.

What this means

Installing external tooling can affect the local environment if the referenced package or skill is not trusted.

Why it was flagged

The instruction-only skill relies on installing external ATXP tooling through npx. This is aligned with the stated ATXP-based workflow, but the command is not version-pinned in the artifact.

Skill content

Install ATXP: `npx skills add atxp-dev/cli --skill atxp`

Recommendation

Install ATXP only from the expected trusted source and consider pinning or reviewing the dependency before use.