summitentertainmentstudio

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill contains what appears to be a personal Instagram data export, including messages, profile, location, and login-related files, but the skill description does not explain why that sensitive data is included.

Review this package very carefully before installing. It does not appear to contain executable code, but it does include sensitive personal Instagram export data that is not explained by the skill description. Only install it if you intentionally want that data available, and otherwise ask the publisher to remove the private files.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
High
What this means

Installing this skill may expose personal Instagram archive data to the agent or anyone with access to the skill package.

Why it was flagged

The bundle contains private-looking Instagram profile, message, login, and location-related files. If installed or read by an agent, this sensitive data could be exposed or pulled into model context without a clear user purpose.

Skill content

personal_information/personal_information/instagram_profile_information.html
your_instagram_activity/messages/inbox/.../message_1.html
security_and_login_information/login_and_profile_creation/login_activity.html
personal_information/information_about_you/locations_of_interest.html

Recommendation

Do not install unless you intentionally want this exact Instagram data archive available to the agent; remove private export files before publishing or installing.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

A user could install the skill thinking it is a generic entertainment-studio skill, not realizing it contains sensitive personal account data.

Why it was flagged

The skill documentation provides no explanation of the included sensitive Instagram export files, making the package materially under-disclosed.

Skill content

# summitentertainmentstudio

summitentertainmentstudio

Recommendation

Require a clear description of the bundle contents and purpose, or reject the package until the unrelated personal-data files are removed.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

The package contents do not match the advertised skill type, so users cannot easily understand what they are installing.

Why it was flagged

The package is presented as an instruction-only skill, yet it ships a large unrelated data bundle. This is an unexpected package-content/provenance issue even though no executable code is present.

Skill content

No install spec — this is an instruction-only skill. No code files present — this is an instruction-only skill. File manifest: 74 file(s)

Recommendation

Publish only the intended skill instructions and necessary assets; exclude personal archives and document all included files.