Mixpost
PassAudited by ClawScan on May 10, 2026.
Overview
The visible artifacts describe a coherent, instruction-only Mixpost API helper, but it uses a Mixpost token that can read and change social media workspace content.
Install this only if you want the agent to work with your Mixpost workspace. Use a scoped token if possible, protect the environment variables, and require explicit approval before publishing, scheduling, uploading, updating, or deleting content. The provided SKILL.md view is marked truncated, so review the full skill text before installing.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help delete media or change workspace resources if the user asks it to use these API examples.
The skill documents authenticated API calls that can delete Mixpost media. This is aligned with social media management, but it is a high-impact action if run against the wrong workspace or items.
### Delete media ```bash curl -X DELETE "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/media"
Require explicit confirmation before delete, update, schedule, or publish actions, and double-check workspace UUIDs and item IDs before running commands.
Anyone or any agent process with this token could potentially access or modify Mixpost workspace content according to the token's permissions.
The skill requires a bearer access token for Mixpost API calls. This is expected for the integration, but the token may grant read/write access to a social media management workspace.
export MIXPOST_ACCESS_TOKEN="your-access-token"
Use the least-privileged token Mixpost supports, keep it out of logs and shared files, and revoke or rotate it when no longer needed.