Back to skill

Security audit

Instagram Reels Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates an already-open Instagram DM tab to collect reel links and save them locally, which is privacy-sensitive but coherent with its stated purpose.

Install only if you are comfortable letting an agent inspect an already-open Instagram DM inbox and save sender IDs plus reel links to a local CSV. Review where instagram_reels.csv is created, delete it when no longer needed, and detach the browser relay when you do not want DM monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill extracts data from private Instagram direct messages and writes sender identifiers plus reel links to a local CSV without any warning, consent check, retention limit, or data-handling safeguards. Because DMs are private communications, silently persisting derived data creates a real privacy and compliance risk, especially if the CSV is later accessed, synced, or exfiltrated.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.