Instagram社媒数据采集

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed Instagram data-query wrapper, but it contains non-Instagram fallback instructions and under-disclosed privacy risks for broad social-media data collection.

Install only if you intentionally want a third-party MaxHub service to query Instagram data on your behalf. Review the Douyin fallback table before use, keep the API key in a secret/config store, avoid broad or bulk collection of personal/social-graph/location data unless you have a legitimate basis, and be explicit when invoking the skill so ordinary searches do not accidentally trigger it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (10)

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The skill is explicitly branded and documented as an Instagram-only assistant, yet its downgrade logic instructs the agent to call Douyin/Xiaohongshu endpoints. This cross-platform mismatch can cause unintended data transmission to unrelated APIs, incorrect execution paths, and policy bypass by sending user queries to services outside the declared scope.

Intent-Code Divergence

High

Confidence: 97% confidence
Finding: The security declaration claims all endpoints are legitimate read-only Instagram APIs, but later instructions route to Douyin endpoints during error handling. This contradiction is dangerous because it can mislead reviewers and users about actual network behavior, undermining trust boundaries and causing unauthorized external requests beyond the stated functionality.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The example prompts are extremely short generic terms such as "用户", "资料", "搜索", and "翻译", which are likely to appear in ordinary conversation and can cause accidental invocation of the skill. Because this skill exposes broad Instagram data retrieval capabilities, unintended activation could trigger external API calls, consume quota, and retrieve social media data when the user did not explicitly intend to use this skill.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The example trigger phrases are extremely broad and overlap with common conversational words such as '用户', '搜索', and '翻译'. In an agent environment, this can cause unintended invocation of the Instagram skill during ordinary user requests, leading to accidental external API calls and unintended access or retrieval of social-media data.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The file documents APIs that retrieve Instagram user, comment, likes, tagged-post, location, and highlight data via a third-party service, but it provides no user-facing notice about privacy implications, data provenance, consent expectations, or third-party transmission. In an agent skill, this omission can cause operators or downstream users to unknowingly process personal data and send identifiers/URLs to an external endpoint, creating privacy, compliance, and trust risks.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The document instructs users to authenticate with a bearer token but provides no warning that the API key is a secret, should not be embedded in prompts, logs, or client-side code, and must be handled as sensitive credential material. In an agent setting, this increases the chance of accidental key disclosure through chat transcripts, tool traces, or copied examples.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The location search documentation normalizes sending precise latitude and longitude to an external service without any privacy notice, consent guidance, or recommendation to minimize precision. In a consumer-facing agent, users may unknowingly transmit sensitive location data that can reveal home, work, or real-time whereabouts.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: These endpoints document access to account-history data such as account creation details, region, and former usernames without any stated privacy constraints, authorization expectations, or user-impact warning. In a skill centered on Instagram data collection, that omission normalizes potentially invasive profiling and could enable misuse for doxxing, stalking, or identity correlation.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The documentation exposes follower/following, stories, highlights, and reels retrieval as routine features but provides no warning that these endpoints collect social-graph data and ephemeral content. In this context, that increases the risk of bulk surveillance, relationship mapping, and collection of time-sensitive user content without clear safeguards.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This file documents extensive Instagram data-retrieval capabilities covering profiles, followers, following, stories, highlights, comments, hashtags, locations, and search endpoints, but it provides no privacy notice, permissible-use guidance, or data-handling constraints. In a skill explicitly designed for broad social-media data querying, that omission increases the risk of misuse for profiling, surveillance, or collection of personal data without clear user safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal