Threads Analytics
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill is purpose-aligned for read-only Threads analytics, but users should protect the MCP link because it is a password-like token for a third-party service.
This appears suitable if you want read-only Threads analytics and trust Boring as the connector provider. Before installing, make sure you are comfortable giving Boring OAuth-based access to your Threads metrics, keep the MCP link private, and use the revoke/regenerate option if the link is exposed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the MCP link could potentially access the connected account's read-only analytics until the token is revoked or regenerated.
The connector URL functions as a credential for the user's Threads analytics access. This is clearly disclosed and aligned with the skill's purpose, but it must be protected.
Your MCP Server URL (`https://boring.aiagent-me.com/mcp/t/xxxxx...`) contains an embedded authentication token. Treat it like a password
Only add the connector if you trust Boring, keep the MCP link private, and revoke or regenerate it if it may have been shared.
Threads performance data and account metadata may be processed by Boring's cloud infrastructure when the skill is used.
The skill uses an external MCP/service path for account analytics data. The flow is disclosed and purpose-aligned, but it means metrics and account metadata pass through a third-party service.
Analytics queries are sent from Boring's server (Google Cloud, us-central1) to the platform's API on your behalf.
Review Boring's service terms and privacy practices, and avoid connecting accounts whose analytics you do not want processed by that service.
The local artifact does not run code, but the connected external service is the component that handles authentication and data access.
The skill is instruction-only and depends on an external Boring MCP service rather than bundled reviewable code. This is not suspicious by itself, but users are relying on the external service's provenance and behavior.
Source: unknown; Homepage: https://boring-doc.aiagent-me.com/getting-started/mcp.html
Verify that the Boring service and documentation are the intended provider before connecting your Threads account.