CtrlK
BlogDocsLog inGet started
Tessl Logo

social-scraping

Scrape social media profiles, posts, comments, followers, and search across 6 platforms via x402. USE FOR: - Getting TikTok, Instagram, X/Twitter, Facebook, Reddit, or LinkedIn profiles - Fetching a user's posts, stories, highlights, or videos - Getting comments, replies, and reactions on posts - Listing followers and following for any account - Searching posts, hashtags, profiles, jobs, and ads across platforms - Cross-platform social media research and monitoring TRIGGERS: - "tiktok", "instagram", "facebook", "linkedin profile", "linkedin posts" - "get followers", "who follows", "following list" - "scrape profile", "get posts from", "social media data" - "instagram stories", "tiktok videos", "facebook page" - "linkedin company", "linkedin jobs", "linkedin ads" - "cross-platform", "social media research" IMPORTANT: StableSocial uses an async two-step flow. Step 1: POST triggers data collection (paid, $0.06). Step 2: Poll GET /api/jobs?token=... until finished (free). All endpoints are $0.06 per call. Use `npx agentcash fetch` for paid POST triggers. Use `npx agentcash fetch` for free GET polling. IMPORTANT: Use exact endpoint paths from the Quick Reference tables below. All paths include a platform prefix (e.g. `https://stablesocial.dev/api/tiktok/...`).

Invalid
This skill can't be scored yet
Validation errors are blocking scoring. Review and fix them to unlock Quality, Impact and Security scores. See what needs fixing →
SKILL.md
Quality
Evals
Security

Security

2 findings — 1 high severity, 1 medium severity. You should review these findings carefully before considering using this skill.

High

W007: Insecure credential handling detected in skill instructions

What this means

The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.

Why it was flagged

Insecure credential handling detected (high risk: 1.00). The skill's trigger-then-poll flow requires including the returned JWT token verbatim in subsequent CLI/polling requests (e.g., as ?token=...), which forces the agent to output secret token values in commands/URLs and creates an exfiltration risk.

Report incorrect finding
Medium

W011: Third-party content exposure detected (indirect prompt injection risk)

What this means

The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md Quick Reference and Workflows explicitly instruct the agent to POST to https://stablesocial.dev/api/... endpoints to collect profiles, posts, comments, followers and search results from public social platforms (TikTok, Instagram, X/Twitter, Facebook, Reddit, LinkedIn), which are untrusted, user-generated third‑party content that the agent is expected to read and act on.

Report incorrect finding
Repository
Merit-Systems/agentcash-skills
Commit

fe3e7ab

Audited
Security analysis
Snyk

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill