instagram-publisher

SUSPICIOUS. The core purpose is coherent for an Instagram publishing skill, and the required Instagram credentials are proportionate, but routing local images through catbox.moe as temporary public hosting introduces an unnecessary third-party intermediary and public exposure of content before posting. There is no strong malware signal or suspicious installer chain, but the data-flow design and ability to perform public posting make this a medium-high security risk.