Skill v1.0.3

ClawScan security

Boring Instagram Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 27, 2026, 9:00 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions line up with its stated purpose (publishing to Instagram via Boring), but it relies on a single powerful connector URL that you must trust because media and posting tokens are sent to a third party.
Guidance
This skill appears internally consistent, but you must trust Boring before using it. The MCP Connector URL contains an embedded auth token that lets Boring act on your Instagram Business/Creator account and re-host media on Boring's cloud. Before installing or pasting a connector link: 1) Verify you trust the service (review privacy, terms, and the provided homepage). 2) Treat the MCP link like a password — do not post it publicly and regenerate it if leaked. 3) Test with a non-critical Instagram account first (or remove posting permissions temporarily). 4) Be aware media you upload will be uploaded to Boring's storage and then sent to Instagram. 5) Understand the agent can autonomously call the connector (it may post/schedule if instructed), so restrict usage or require explicit confirmation for publishing. If you need stronger assurance, ask the skill author for details about the connector scope (exact permissions granted) and how long-lived tokens are handled.

Review Dimensions

Purpose & Capability
ok
The skill is explicitly an adapter for Boring's Instagram publishing flow and only asks for the MCP Connector link (an embedded auth token). No unrelated binaries, env vars, or install steps are requested — this is proportionate to its purpose.
Instruction Scope
note
SKILL.md instructs the agent to call boring_* actions (list accounts, upload media, publish/schedule/cancel). It explicitly re-hosts local files or external URLs to Boring's Google Cloud Storage before posting. The instructions do not ask the agent to read unrelated files or system credentials, but they do direct user media and captions to a third party (Boring) and rely on the connector token to perform posts on the user's behalf.
Install Mechanism
ok
No install spec or code is included (instruction-only). That minimizes disk-write/execution risk — nothing is downloaded or installed by the skill itself.
Credentials
note
The single required artifact is an MCP link that embeds an auth token. That is expected for a connector-based publisher, but it is powerful: the link likely grants Boring access to your Instagram OAuth tokens and the ability to publish/schedule/cancel posts on your account. Treat the MCP link like a password and only provide it to services you trust.
Persistence & Privilege
ok
always:false and user-invocable:true are appropriate. disable-model-invocation is false (normal), so the agent can autonomously call the connector when allowed — combine that with the connector's posting privileges and you can get automated posts if the agent is instructed to do so.