Publora Instagram
PassAudited by ClawScan on May 10, 2026.
Overview
The skill matches its stated purpose, but it can schedule public Instagram content through Publora, so users should confirm the account, media, caption, and timing before use.
Use this skill only with a trusted Publora account and a dedicated API key. Before posting or scheduling, review the Instagram account, caption, media, post type, and scheduled time, and upload only files you intend to publish.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with the wrong account, caption, media, or time, the agent could schedule public Instagram content the user did not intend.
The skill documents a direct API call that creates or schedules Instagram posts. This is expected for the purpose, but it is a public-account mutation capability users should review carefully.
fetch('https://api.publora.com/api/v1/create-post', { ... platforms: ['instagram-17841412345678'], scheduledTime: '2026-03-20T12:00:00.000Z' })Require an explicit user confirmation of the Instagram account, media files, caption, post type, and scheduled time before calling the create-post API.
A Publora key may allow posting or scheduling through the user's connected workspace and Instagram accounts.
The skill expects a Publora API key that can act on connected Instagram accounts. This is purpose-aligned, but the registry metadata lists no primary credential.
**Header:** `x-publora-key: sk_YOUR_KEY`
Use a dedicated, revocable Publora key with the minimum needed workspace access, and do not paste or store it in shared chats or logs.
Images or videos selected for posting will be sent to Publora's upload flow and then used for Instagram publishing.
The workflow uploads media bytes to a provider-supplied upload URL, described as S3. This is expected for media publishing, but it means selected media leaves the local environment.
await fetch(upload.uploadUrl, { method: 'PUT', headers: { 'Content-Type': 'image/jpeg' }, body: imageFileBytes });Upload only intended public media, verify the generated upload URL belongs to the expected Publora/S3 flow, and avoid including private or sensitive files.