Back to skill

Security audit

Postzee Skill

Security checks across malware telemetry and agentic risk

Overview

Postzee does what it claims, but it can publish live posts to connected social accounts and the instructions do not consistently require final confirmation.

Install only if you trust Postzee with the social accounts and media you connect. Configure credentials through a secret or MCP configuration mechanism rather than pasting raw keys into normal chat, and require the agent to show the exact content, media, target channels, timing, and credit cost before any live publish; use draft mode for uncertain posts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README promotes posting directly to 30+ social networks but does not warn that use of the skill can trigger real external publication to user-connected accounts. In an agent setting, that omission increases the risk of unintended posts, reputational damage, or accidental disclosure because users may treat examples as low-risk content generation rather than account-affecting actions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup instructions tell users to paste an API key into the agent without any caution about credential sensitivity, storage, logging, or least-privilege handling. In agent environments, secrets can be retained in chat history, logs, or configuration layers, so omission of credential-handling guidance creates real exposure risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Examples such as 'Generate and post to all my channels' normalize broad publication actions without warning that content may be pushed to every connected account. In an autonomous or semi-autonomous agent workflow, that can lead to mass unintended posting, brand harm, or disclosure of unreviewed AI-generated content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill makes immediate publishing the default and explicitly maps user requests like 'post' or quick-action flows to live publication without a distinct confirmation step. Because posting to social media is an externally visible, irreversible action with reputational and business impact, skipping an explicit final approval increases the chance of accidental or premature publication.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.