Mixpost
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help delete media or change workspace resources if the user asks it to use these API examples.
The skill documents authenticated API calls that can delete Mixpost media. This is aligned with social media management, but it is a high-impact action if run against the wrong workspace or items.
### Delete media ```bash curl -X DELETE "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/media"
Require explicit confirmation before delete, update, schedule, or publish actions, and double-check workspace UUIDs and item IDs before running commands.
Anyone or any agent process with this token could potentially access or modify Mixpost workspace content according to the token's permissions.
The skill requires a bearer access token for Mixpost API calls. This is expected for the integration, but the token may grant read/write access to a social media management workspace.
export MIXPOST_ACCESS_TOKEN="your-access-token"
Use the least-privileged token Mixpost supports, keep it out of logs and shared files, and revoke or rotate it when no longer needed.