ClawAudit verdict
instagram-place-posts
This skill scrapes Instagram posts tagged at a specific location, returning media items with captions, like/comment counts, media URLs and user info. It operates within the user's browser capabilities and does not bypass authentication or access controls. The skill seems to be used for informational purposes only.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (3)
Possible hardcoded credential
scripts/get-place-posts.py · prose · downgraded · token='); }});
var token = csrfToken ? csrfToken.split(
References agent memory files
SKILL.md · prose · downgraded · memory.md
Uses XMLHttpRequest — network access
scripts/get-place-posts.py · prose · downgraded · XMLHttpRequest
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class B). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
Is this flag fair?
Thanks — recorded.