Instagram Content Studio
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its Instagram-management purpose, but it uses powerful account tokens and refresh outputs can expose access tokens in agent logs, so it should be reviewed before use.
Use this only with a dedicated Meta app and minimum permissions. Review every publish/comment action before approving it, avoid sharing refresh-command output or logs, and only upload local files you are comfortable briefly exposing through a temporary tunnel.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an access token is exposed in logs or chat history, someone with access to it may be able to manage the connected Instagram/Facebook account until the token is revoked or expires.
The refresh helper returns the full refreshed access token, and the refresh scripts serialize their result to stdout. This can place a live credential in agent transcripts or logs.
return { access_token: newToken, expires_in: data.expires_in, expires_in_days: expiresInDays };
Avoid running refresh commands unless necessary, do not share logs containing refresh output, and consider changing the scripts to omit or redact access_token from stdout.
A mistaken approval could publish unwanted media or comments on the connected Instagram account.
The skill can publish posts and write comments/replies, which are public account mutations; the instructions add a confirmation step before those actions.
When publishing images or videos, always confirm the caption with the user before executing. ... When writing comments/replies, confirm the content with the user before executing.
Review the exact media path/URL, caption/comment text, and target post/comment ID before approving any publish or comment command.
Using local media posting will run cloudflared on the user's machine.
The code starts an external cloudflared process for local uploads. The command is fixed and matches the disclosed upload mechanism.
tunnelProcess = spawn("cloudflared", [
  "tunnel",
  "--url",
  `http://localhost:${port}`,
]);
Install cloudflared only from a trusted source and use local uploads only when you understand that a temporary tunnel will be created.
Any local file selected for upload may be briefly reachable through the tunnel during posting.
Selected local files are temporarily exposed through a Cloudflare tunnel so Instagram can download them. This is disclosed and purpose-aligned, but it affects local file privacy.
Local image/video posting starts a temporary cloudflared Quick Tunnel ... Only provide file paths you are comfortable briefly exposing to the internet.
Only provide file paths for media you are comfortable temporarily exposing, and avoid private or unrelated files.
Installing external binaries or npm dependencies can add supply-chain risk if the source is not trusted.
The documented setup includes a user-directed download and privileged installation of the latest cloudflared package. This is not automatic, but it requires trusting the download source.
curl -L -o cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-$(dpkg --print-architecture).deb
sudo dpkg -i cloudflared.deb
Verify the skill source and install cloudflared/dependencies through trusted package managers or pinned, verified releases where possible.
