ClawHub

auto-reply

Instagram DM auto-reply system. DM monitoring, reading, replying, security check (injection rejection). Use when checking Instagram DMs, reading unread messa...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 583 · 5 current installs · 5 all-time installs
by@mupengi-bot
MIT-0
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements an Instagram DM monitor and auto-reply flow that matches the description: it extracts cookies from a running browser via CDP, calls Instagram internal APIs, writes state/alert files, and exposes read/reply/check commands. That functionality is coherent with the stated purpose. However, the skill claims no required credentials/env but the code optionally uses environment variables (DISCORD_TOKEN, OWNER_DISCORD_ID, OPENCLAW_GATEWAY, BROWSER_PORT) which are not declared in the metadata — this mismatch reduces transparency.
!
Instruction Scope
SKILL.md tells you to run node scripts, which is expected, but the scripts do more than simple CLI calls: they connect to a local browser CDP endpoint and extract Instagram cookies (session tokens) and then call Instagram's internal endpoints. The watcher also writes dm-alert.json and dm-state.json to disk and can POST message previews to Discord if a bot token is present. The SKILL.md mentions Discord notifications in places but does not declare the required Discord credentials; the scripts access env vars that were not declared. Reading browser cookies and forwarding message previews to external services is a scope that should be explicitly documented and consented to.
Install Mechanism
This is an instruction-only skill (no install spec). It does include Node.js scripts and recommends the global 'ws' package; the lack of an install step keeps risk lower than an arbitrary download/install. The user still needs to install 'ws' and run Node scripts locally.
!
Credentials
The skill metadata declares no required env vars or primary credential, but the code reads several environment variables if present: BROWSER_PORT (optional), DISCORD_TOKEN and OWNER_DISCORD_ID (to notify via Discord), and OPENCLAW_GATEWAY (defined but not used). Extracting cookies from the browser (csrftoken, ds_user_id) is necessary to operate but is highly sensitive — those session cookies effectively let the tool act as your Instagram user. The optional Discord behavior will send message previews out of your environment if a Bot token is configured. These environment/credential accesses are not fully documented in the metadata and thus are disproportionate to the declared 'none'.
Persistence & Privilege
The skill does not set always:true and does not modify other skills. It writes local files (dm-alert.json, dm-state.json) in its directory for state/alerting and can be run as a daemon or via cron; that persistence is expected for a watcher. Nothing in the code appears to elevate system privileges or alter other skills' configurations.
What to consider before installing
This skill will extract Instagram session cookies from a running browser via the Chrome DevTools Protocol and use them to call Instagram's internal APIs — that is required for it to read and reply to DMs but is sensitive because those cookies let the tool act as your account. The scripts can also send message previews to Discord if you set DISCORD_TOKEN and OWNER_DISCORD_ID (these env vars are used but not declared in the skill metadata). Before installing or running: (1) review and trust the author/source of the code; (2) run the scripts in an isolated environment or non-critical account if you want to test; (3) do not provide a Discord bot token unless you intentionally want message previews sent externally; (4) be aware that dm-alert.json and dm-state.json will contain message content on disk; (5) if you need full assurance, audit the v2.js cookie-extraction and igRequest code paths and confirm there are no additional outbound endpoints beyond instagram.com and optional discord.com. If you want to proceed, add explicit environment constraints and only enable external notifications consciously.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk971x8qhzj872tp69afh48wxvs817gmm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Instagram DM Auto-Reply 🐧

v2.js (Internal API) based. 0 browser snapshots, CDP cookie extraction → Instagram REST API direct calls.

Prerequisites

  • OpenClaw browser running (port 18800)
  • Instagram tab open and logged in
  • ws npm package (npm i -g ws or local)

Script List

ScriptPurpose
scripts/v2.jsDM CLI (inbox, unread, check, read, reply)
scripts/auto-reply.jsRead dm-alert.json, security check, return reply metadata
scripts/check-notify.jsCheck new DM notifications (for cron, state file based)
scripts/dm-watcher.jsReal-time DM detection daemon (15s polling)

Core Workflows

1. Check DMs

node scripts/v2.js check        # unread count (lightest)
node scripts/v2.js unread       # unread DM list
node scripts/v2.js inbox        # full DM list

2. Read Messages

node scripts/v2.js read "<username>" -l 5

3. Reply

node scripts/v2.js reply "<username>" "message content"

On API failure, returns JSON with method: "use_browser" + threadUrl → fallback to browser tool.

4. Notification Check (cron integration)

node scripts/check-notify.js
  • If new DMs: outputs 📩 새 DM N건: ...
  • If none: outputs no_new
  • Uses state file dm-state.json to prevent duplicates

5. Auto-Reply Flow

node scripts/auto-reply.js
  1. Read dm-alert.json (created by dm-watcher)
  2. Run security check on each DM
  3. Return results: needs_reply / security_alert / skipped
  4. AI generates replies for needs_reply DMs → send via v2.js reply

6. Real-time Detection Daemon

node scripts/dm-watcher.js              # detection only
node scripts/dm-watcher.js --auto-reply  # includes Discord notification

Polls v2.js check every 15s. On new DM detection, writes dm-alert.json + Discord DM notification.

Security Check (Injection Rejection)

auto-reply.js's SECURITY_PATTERNS detects:

  • Prompt Injection: "ignore previous", "system prompt", "you are now", "act as", "pretend"
  • Jailbreak Attempts: "override", "jailbreak", "DAN mode", "bypass"
  • Sensitive Info Requests: "secret key", "private key", "seed phrase", "wallet address"
  • Code Execution Attempts: "execute command", "run script", "eval(", "rm -rf", "sudo"
  • Social Engineering: "simulation mode", zero-width characters

On threat detection → don't reply, return security_alert. Separate notification sent.

Cron Setup Example

# Check DMs every 5 minutes
- schedule: "*/5 * * * *"
  command: "node /path/to/scripts/check-notify.js"
  systemEvent: true

# Or dm-watcher daemon for continuous monitoring
- schedule: "@reboot"
  command: "node /path/to/scripts/dm-watcher.js --auto-reply"
  background: true

Token Efficiency

  • inbox/check: exec 1 call (~500 tokens)
  • reply: exec 1 call (~200 tokens)
  • browser snapshots: 0

🐧 Built by 무펭이Mupengism ecosystem skill

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…