Instagram Analytics
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill is purpose-aligned for Instagram analytics, but it requires a Boring MCP link that acts like a password and routes read-only account metrics through a third-party service.
Before installing, make sure you are comfortable connecting your Instagram Business or Creator account to Boring and sharing read-only analytics data through its MCP service. Treat the connector URL like a password, keep it private, and revoke or regenerate it if exposed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the MCP link could potentially access the connected analytics data allowed by that token.
The skill requires a connector URL containing an auth token for the user’s connected Instagram/Boring account. This is expected for the integration and disclosed, but it is still credential-bearing access.
MCP link is a credential: Your MCP Server URL (`https://boring.aiagent-me.com/mcp/t/xxxxx...`) contains an embedded authentication token. Treat it like a password
Keep the MCP link private, add it only in trusted connector settings, and revoke or regenerate it from Boring settings if it may have been exposed.
Your Instagram performance metrics and account metadata may be processed by Boring’s service in order to answer analytics questions.
The skill depends on a remote MCP/service flow where user analytics requests and resulting Instagram metrics pass through Boring’s hosted infrastructure.
Data flow: Analytics queries are sent from Boring's server (Google Cloud, us-central1) to the platform's API on your behalf. Only performance metrics are retrieved
Use the skill only if you trust Boring with read-only Instagram analytics data, and review Boring’s privacy/security documentation before connecting an account.
You are trusting the external Boring MCP service rather than locally reviewed skill code for the actual data access behavior.
The reviewed artifact does not include local code for the remote MCP service, and the registry source is listed as unknown. The dependency on Boring is disclosed and central to the purpose, but provenance is less transparent than a fully included, reviewable package.
Source: unknown ... No code files present — this is an instruction-only skill
Confirm the Boring service and its published source/docs are the provider you intend to trust before connecting your Instagram account.