Postiz Extended
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
Suspicious
High-Entropy/Eval files: 2

The skill bundle is classified as suspicious primarily due to the presence of hardcoded credentials (email: `sascha@mykuhlmann.com`, password: `Postiz2026!`) in both the `SKILL.md` instructions and the Python scripts (`scripts/check_duplicates.py`, `scripts/post.py`). While these credentials appear to be for a specific, likely demo, instance (`https://postiz.home.mykuhlmann.com`), hardcoding credentials in a skill bundle is a significant security anti-pattern that exposes sensitive information. The skill otherwise aligns with its stated purpose of managing social media posts, with all network and file system access (e.g., `/tmp/postiz-cookies.txt` for session management) being directly related to interacting with the Postiz API. There is no evidence of prompt injection against the agent, data exfiltration to unrelated endpoints, or other malicious behaviors.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill could authenticate to and control someone else’s Postiz-connected social accounts, including publishing or managing posts.
The helper script embeds a real-looking Postiz host, email, and password instead of requiring a user-provided credential, granting account-level authority to the configured Postiz/social integrations.
POSTIZ_URL = "https://postiz.home.mykuhlmann.com" ... CREDENTIALS = {"email": "sascha@mykuhlmann.com", "password": "[hardcoded]", "provider": "LOCAL"}
Do not use the embedded credentials. Rotate/remove the exposed password, require user-supplied secrets through environment variables or OAuth, and clearly declare the credential requirement in metadata.
A mistaken or unauthorized invocation could schedule, immediately publish, alter, or remove social posts.
Publishing, updating, and deleting social posts are expected for this skill, but they are high-impact actions because they affect public or business social media accounts.
- List, query, update, and delete scheduled posts ... Post Types ... `now` — Publish immediately
Require explicit user confirmation before publishing, deleting, or updating posts, especially when using `now` or bulk/multi-platform actions.
A user may believe they are configuring their own Postiz account while the skill is actually prepared to operate against predefined accounts.
The description frames the skill as a general self-hosted/cloud Postiz integration, but the instructions point to specific named accounts and handles.
Schedule and manage social media posts via Postiz API (self-hosted or cloud) ... Handle ... @CoolmannSa ... kuhlmannsascha ... coolmanns.bsky.social
Make the target Postiz instance and social accounts configurable, remove account-specific defaults, and clearly disclose any fixed account binding.
Running the helper may install or use a dependency that was not declared in the skill metadata.
The helper script relies on an inline, unpinned Python dependency when run with uv; this is common for small scripts but is not reflected in the registry requirements.
# dependencies = ["requests"]
Pin dependencies and declare runtime requirements so users can review what will be installed or used.
