v1.0.0

Itinerary Carousel Post Topaz

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:47 AM.

Analysis

This skill is purpose-aligned, but it can use account credentials to publish public Instagram content and push images to a GitHub repo without clearly declared permissions or an explicit final approval step.

Guidance: Review this skill before installing or invoking it. Make sure you understand which Topaz key, Instagram account, and GitHub repository it will use, and require a final approval before it pushes files or publishes the carousel publicly.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
Host images publicly — copy slides to tabiji repo (`img/instagram/`), git push ... Create carousel container ... Publish: curl ... /media_publish

The skill instructs the agent to push generated images to a public GitHub-backed location and publish a carousel through the Instagram Graph API.

User impact: The agent could create public content and modify a repository/account as part of the workflow, which may be hard to undo after posting.
Recommendation: Require an explicit final user approval step before any git push or Instagram publish action, and clearly document which account/repository will be affected.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
SKILL.md
Use the `instagram-photo-find` skill workflow ... python3 skills/instagram-photo-text-overlay/scripts/overlay.py

The skill relies on other local skills/scripts that are not included in this artifact set, so their behavior is outside the reviewed package.

User impact: The actual photo-finding and overlay behavior depends on external/local components that may have their own permissions or risks.
Recommendation: Review the referenced skills/scripts before use, or include/pin the exact helper code and versions required by this skill.
Rogue Agents
Severity: Low. Confidence: High. Status: Note.
SKILL.md
while true; do ... STATUS=$(curl -s ... | jq -r '.status') ... [ "$STATUS" = "Completed" ] && break ... sleep 3

The async Topaz polling loop has no maximum retry count, timeout, or failure stop condition.

User impact: If the external service never returns the expected completed status, the workflow could keep polling indefinitely until interrupted.
Recommendation: Add a timeout, maximum retry count, and explicit error handling for failed or unexpected Topaz job statuses.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
SKILL.md
TOPAZ_API_KEY=$(security find-generic-password -s "topaz-api-key" -w) ... -d "access_token=${IG_TOKEN}"

The instructions read a Topaz API key from the local keychain and use an Instagram access token, but the supplied metadata declares no required credentials or environment variables.

User impact: Installing or using the skill may give the agent access to service credentials that can spend API quota, upload images, or publish to a connected Instagram account.
Recommendation: Declare the required Topaz and Instagram credentials in metadata, document the minimum scopes needed, and ensure the user confirms which credentials/account will be used.