ClawHub

Postiz Extended

Security checks across malware telemetry and agentic risk

Overview

This skill is for social media scheduling, but it ships a fixed Postiz account password and can publish, upload, list, update, and delete posts through that account.

Review before installing. Only use this if you intentionally control the referenced Postiz instance and social channels. The exposed password should be rotated, hardcoded credentials removed, the server and integrations made user-configurable, and session cookies stored securely or avoided.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill invokes shell commands, performs network requests, and writes cookies to disk, yet declares no permissions or capability boundaries. This increases the chance the agent will use the skill in contexts where users did not expect outbound network access or local file writes, weakening review and consent controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill description materially overstates capabilities while omitting sensitive behavior such as hardcoded credentials, cookie persistence, and use of a fixed self-hosted endpoint. This mismatch can cause unsafe trust decisions by users or orchestrators and may route sensitive actions to a specific third-party account or server under false assumptions.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file contains hardcoded live login credentials for a specific Postiz account. Anyone with access to the skill can authenticate to that account, post content, inspect scheduled posts, upload media, or otherwise act as the account owner, leading to full account compromise and possible downstream brand or reputational damage.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script embeds live-looking production credentials and automatically authenticates to a real Postiz instance, then stores session cookies on disk. Anyone with access to the code or the cookie file can gain authenticated access to the social media management account, exposing scheduled content, connected channels, and potentially account-management actions.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script hardcodes a real Postiz email/password and uses them for remote authentication. Embedded credentials in distributable code are dangerous because anyone with access to the skill can reuse them to access the associated account, schedule or modify posts, and potentially pivot into connected social media integrations. The skill context increases risk because this helper is specifically designed to perform authenticated posting actions against a live external service.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script stores authenticated session cookies in /tmp/postiz-cookies.txt, a predictable local path that may be readable by other local users or processes depending on system configuration. Session-token persistence is sensitive because theft of the cookie file may allow account reuse without re-entering credentials, extending the blast radius of the already embedded account access.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The activation guidance is broad enough to match many ordinary social-media-related requests, increasing the likelihood the skill is auto-invoked for actions involving external posting and account access. In the context of a skill that can authenticate and mutate remote state, overbroad triggering raises the chance of unintended use.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation includes immediate publish, update, and delete operations without prominent safeguards or warnings about irreversible external effects. In a social media context, accidental execution can create public posts, alter schedules, or remove content, causing reputational and operational harm.

Missing User Warnings

High
Confidence
98% confidence
Finding
Hardcoded login credentials combined with silent cookie persistence create undisclosed sensitive authentication behavior. This makes the script far more dangerous than its duplicate-checking description suggests, because running it grants and preserves authenticated access to a production social publishing account without transparent consent or secure secret handling.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script silently transmits embedded credentials to a remote login endpoint without any disclosure to the operator. This is dangerous because users may unknowingly run code that authenticates as someone else’s account, causing unauthorized actions, account abuse, and potential data exposure through the authenticated API.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The client performs remote login and later posting/media-upload operations to an external Postiz instance without an explicit warning that content, media, and metadata will be transmitted off-host. In a skill intended for automation, this omission can mislead users about where sensitive post drafts or files are going, especially because the endpoint is a specific third-party/self-hosted domain rather than a clearly user-configured destination.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Login and save cookie (required before any API call)
curl -s -c /tmp/postiz-cookies.txt \
  'https://postiz.home.mykuhlmann.com/api/auth/login' \
  -H 'Content-Type: application/json' \
  -d '{"email":"sascha@mykuhlmann.com","password":"Postiz2026!","provider":"LOCAL"}'
Confidence
98% confidence
Finding
curl -s -c /tmp/postiz-cookies.txt \ 'https://postiz.home.mykuhlmann.com/api/auth/login' \ -H 'Content-Type: application/json' \ -d '{"email":"sascha@mykuhlmann.com","password":"Postiz2026!","pr

External Transmission

Medium
Category
Data Exfiltration
Content
### Upload Image
```bash
# Upload returns {id, path}
curl -s -b /tmp/postiz-cookies.txt \
  'https://postiz.home.mykuhlmann.com/api/media/upload-simple' \
  -F 'file=@/path/to/image.png'
```
Confidence
83% confidence
Finding
curl -s -b /tmp/postiz-cookies.txt \ 'https://postiz.home.mykuhlmann.com/api/media/upload-simple' \ -F 'file=@/path/to/image.png' ``` ### Use in Post ```json "value": [{ "content": "Post with i

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal