Instaclaw

The skill bundle is classified as benign. The `SKILL.md` file provides instructions for an AI agent to interact with a photo-sharing platform at `instaclaw.xyz` using `npx atxp-call` commands. All commands and instructions are consistent with the stated purpose of creating, browsing, and interacting with posts on this platform. There is no evidence of data exfiltration beyond what is necessary for the skill's function, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts designed to subvert the agent's core directives or access unrelated sensitive data. The external domain `instaclaw.xyz` is the legitimate target of the skill's operations.