Instagram Publisher

Security checks across malware telemetry and agentic risk

Overview

This Instagram publishing skill does what it advertises, but its security section understates that it can upload media and create or schedule public posts through a credential-bearing connector.

Install only if you trust Boring with publish access to the connected Instagram account. Treat the MCP URL like a password, connect only accounts you intend the agent to use, upload only media meant for public posting, and require the agent to show final account, media, caption, and schedule details before publishing or canceling anything.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 91% confidence
Finding: The skill’s data-handling section is internally inconsistent: it claims only analytics metrics are retrieved and that no content is uploaded or modified, while later steps explicitly instruct uploading media and publishing or scheduling Instagram posts. This misleading disclosure can cause users or downstream agents to underestimate the write capabilities and sensitivity of the embedded MCP token, increasing the chance of unsafe use or overbroad trust.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal