Skill v1.0.1
ClawScan security
Instagram Page · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 1, 2026, 8:52 AM)
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions match its stated purpose (posting/insights via the Instagram Graph API); it reads a local credentials file containing expected tokens and uses PowerShell to call graph.facebook.com — nothing requested appears unrelated or unexplained.
- Guidance
- This skill appears coherent for managing an Instagram Business/Creator account via the Graph API, but it requires a long-lived access token stored in ~/.config/instagram-page/credentials.json — treat that file as highly sensitive. Before installing: (1) ensure you trust the skill owner; (2) keep IG_APP_SECRET only for the one-time exchange and delete it afterward as recommended; (3) restrict credentials.json permissions (chmod 600 or equivalent) and do not commit it to version control; (4) consider disabling autonomous invocation or requiring user confirmation if you do not want the agent to post content without approval; (5) rotate the token immediately if the host or agent is compromised and monitor activity/logs for unexpected API calls.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the actions described in SKILL.md. Requiring PowerShell/pwsh is consistent with the included PowerShell Invoke-RestMethod examples. The declared credential file (~/.config/instagram-page/credentials.json) and fields (IG_ACCESS_TOKEN, IG_USER_ID, optional IG_APP_ID/IG_APP_SECRET for token exchange) are appropriate for Instagram Graph API usage.
- Instruction Scope
- note: Instructions focus on constructing Graph API calls and include explicit PowerShell commands to read ~/.config/instagram-page/credentials.json, exchange/refresh tokens, and call graph.facebook.com. Reading the credentials file is necessary for operation but is sensitive; the doc explicitly instructs protecting the file and deleting IG_APP_SECRET after setup. The skill also instructs using Graph API Explorer for initial short-lived tokens (expected). There are no instructions to read other unrelated files or to forward data to endpoints other than graph.facebook.com.
- Install Mechanism
- ok: This is instruction-only (no install spec, no extracted downloads, no code files). That is the lowest-risk install mechanism and is consistent with the skill's content.
- Credentials
- ok: No environment variables are requested; the single credential file contains the access token and user id, which are necessary for API calls. IG_APP_ID and IG_APP_SECRET are only required for the one-time token exchange and are marked optional. The sensitivity/privilege of the stored long-lived token is expected for the functionality.
- Persistence & Privilege
- note: always:false (normal). The skill permits autonomous invocation by default (disable-model-invocation:false), which is standard for skills, but combined with access to long-lived Instagram tokens this means an agent could make API calls (including publishing posts) without additional manual confirmation. Users should be aware of that operational risk and configure invocation policies accordingly.
