instagram-video-downloader Security Report — Low Risk | ClawSafe

25 /100

instagram-video-downloader

Download Instagram videos, Reels, and IGTV in HD quality via savefbs.com API

A legitimate Instagram video downloader with minor documentation inconsistency (local usage tracking contradicts 'no data collection' claim) but no malicious behavior detected.

Skill Nameinstagram-video-downloader

Duration35.6s

Enginepi

✓

Safe to install

Review the 'no data collection' claim in SKILL.md to accurately reflect local usage tracking. Otherwise safe to use.

Findings 2 items

Severity	Finding	Location
Low	Local usage tracking contradicts 'no data collection' claim Doc Mismatch SKILL.md states 'No data collection' but the code writes usage data (date, count, paid status) to ~/.openclaw/skills/instagram-video-downloader/usage.json. While this is local storage, it contradicts the stated privacy claim. `usage_dir = home / '.openclaw' / 'skills' / 'instagram-video-downloader'` → Update SKILL.md to accurately state 'Local usage tracking for quota management only' instead of 'No data collection'	`scripts/fetch_ig_video.py:47`
Low	Missing permission declaration Priv Escalation No _meta.json or equivalent file declares the skill's required permissions. This makes it unclear what filesystem/network access is expected. `#!/usr/bin/env python3` → Add _meta.json with declared permissions (filesystem:WRITE for usage.json, network:READ for API calls)	`scripts/fetch_ig_video.py:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✓ Aligned	scripts/fetch_ig_video.py:53-54 writes to ~/.openclaw/skills/
Network	`READ`	`READ`	✓ Aligned	scripts/fetch_ig_video.py:79-93 POSTs to savefbs.com API
Shell	`NONE`	`NONE`	—	No shell execution detected

5 findings

🔗

Medium External URL 外部 URL

https://savefbs.com

SKILL.md:8

🔗

Medium External URL 外部 URL

https://savefbs.com/pricing

SKILL.md:18

🔗

Medium External URL 外部 URL

https://www.instagram.com/reel/DTpT3fIkiPr/

SKILL.md:59

💰

Medium Wallet Address 加密货币钱包地址

0xA4195EeFF370c003C5C775BE4C3f350022666305

scripts/fetch_ig_video.py:23

🔗

Medium External URL 外部 URL

https://pay.request.network/

scripts/fetch_ig_video.py:24

File Tree

2 files · 9.4 KB · 304 lines

Python 1f · 191L Markdown 1f · 113L

├─ ▾ 📁 scripts

│ └─ 🐍 fetch_ig_video.py Python 191L · 6.1 KB

└─ 📝 SKILL.md Markdown 113L · 3.3 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`requests`	`not declared`	import	No	Standard HTTP library, no version pinning

Security Positives

✓ No malicious behavior detected (no reverse shell, no C2, no credential theft)

✓ Network requests only to the documented savefbs.com API

✓ Uses standard requests library - no obfuscation or suspicious patterns

✓ No hidden functionality beyond stated purpose

✓ Local data storage only - no exfiltration of user data

✓ Payment integration uses Request Network (legitimate crypto payment service)

Scan Report

Findings 2 items

File Tree

Dependencies 1 items

Security Positives