Boring Instagram Publisher
Security checks across malware telemetry and agentic risk
Overview
This skill transparently helps publish or schedule Instagram posts through Boring, with the main risk being that it can post public content using a credential-bearing connector link.
Install only if you trust Boring with your Instagram publishing workflow. Keep the MCP Connector link private, use only media and captions intended for publication, and confirm the account, media, caption, and schedule before posting or canceling content.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.