Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Itinerary Carousel Post
v1.0.0
Create and publish an Instagram carousel post from a tabiji.ai itinerary. Given an itinerary URL, finds Instagram-worthy photos for the destination + top att...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The high-level purpose (sourcing photos, applying overlays, publishing a carousel) matches the steps in SKILL.md, but the instructions assume access to: a specific GitHub repo (psyduckler/tabiji), local overlay scripts at skills/instagram-photo-text-overlay/scripts/overlay.py, and an 'instagram-photo-find' skill workflow. None of these dependencies, paths, or credentials are declared in the skill metadata — this is disproportionate to the stated simple publish task and indicates hidden operational requirements.
Instruction Scope
Instructions tell the agent to: run web searches and curl to download Instagram images, read Instagram tokens from macOS Keychain, copy images into a repo and git push/delete files, call the Graph API with ${IG_TOKEN}/${IG_USER}, and clean up local files. The SKILL.md references secrets (instagram-access-token, instagram-account-id) and local repo paths that are not listed in requires.env or requires.config. It also references other local scripts and a separate skill. These are sensitive operations and the instructions reach outside a narrowly scoped 'publish' task (accessing keychain and pushing to repositories).
Install Mechanism
No install spec and no code files are included, which is low-risk from an installation perspective. However, the runtime assumes local Python overlay scripts and other skills that are not provided — meaning the agent will fail unless those external artifacts exist or it has network access to fetch them.
Credentials
The skill does not declare any required environment variables or credentials, yet the instructions require an Instagram Graph API access token and an account ID (and reference retrieving keys from macOS Keychain). It also requires push access to a GitHub repo (implying git credentials). Requesting account tokens and repository write access is sensitive and should be explicitly declared and minimized. The mismatch between declared and required credentials is a red flag.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It does, however, instruct the agent to modify a remote repo (git push / git rm), which requires credentials and grants external persistence of images; that operational effect is significant but not encoded as a platform permission in the skill metadata.
What to consider before installing
This skill's workflow looks plausible for publishing Instagram carousels, but it assumes access to secrets and resources that are not declared: an Instagram Graph API token and account ID (stored in your macOS Keychain), write access to a specific GitHub repo (psyduckler/tabiji), and a local overlay script plus another skill for photo-finding. Before installing or running this skill, verify:
(1) who authored the skill and whether it is intended to run in your environment;
(2) you are comfortable granting access to your Instagram API token and any git credentials — prefer short-lived tokens or a dedicated account;
(3) the referenced local scripts and repo exist and are safe;
(4) run it in a sandboxed environment first (no access to your primary keychain or production repos).
If you cannot confirm those points, do not provide real credentials or repo write access and consider rejecting the skill.
