Instapaper
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using these commands could archive, move, import, delete, or otherwise change Instapaper bookmarks, folders, or highlights.
The skill documents destructive and bulk account operations. They are aligned with the Instapaper CLI purpose and include explicit flags/IDs, but they can still change or delete user account data if used incorrectly.
`ip delete 123456 --yes-really-delete` ... `ip archive --ids 1,2,3` ... `printf "10\n11\n12\n" | ip unarchive --stdin`
Use dry-run or idempotent modes where available, verify IDs and input files before bulk actions, and require clear user approval before delete/import/folder-change operations.
Providing credentials lets the CLI access and modify the user's Instapaper account according to the commands run.
The skill requires Instapaper API/login credentials to perform its intended function. This is expected, and the artifact gives password-handling guidance, but the registry metadata does not declare a credential contract.
Ensure `INSTAPAPER_CONSUMER_KEY` and `INSTAPAPER_CONSUMER_SECRET` are set or passed during login. Prefer `--password-stdin` for auth; never store the password.
Provide credentials only to a trusted installed CLI, prefer secure stdin or environment handling, and avoid exposing credentials in shell history, logs, or shared transcripts.
The behavior and security of account operations depend on the externally installed `ip` CLI version.
The skill directs users to install an external CLI, including an unpinned `@latest` Go install and a third-party Homebrew tap. This is central to the skill's purpose, but users should verify the source and version.
Go install: `go install github.com/vburojevic/instapaper-cli/cmd/ip@latest` ... Homebrew: `brew tap vburojevic/tap && brew install instapaper-cli`
Install from a trusted source, consider pinning or reviewing a specific release, and verify the repository before providing Instapaper credentials.