Security audit

Postiz is a tool to schedule social media and chat posts to 28+ channels: X, LinkedIn, LinkedIn Page, Reddit, Instagram, Facebook Page, Threads, YouTube, Google My Business, TikTok, Pinterest, Dribbble, Discord, Slack, Kick, Twitch, Mastodon, Bluesky, Lemmy, Farcaster, Telegram, Nostr, VK, Medium, Dev.to, Hashnode, WordPress, ListMonk.

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Postiz skill, but it gives an agent broad power to post, upload media, and delete content on real connected social accounts without enough confirmation or credential-safety guardrails.

Install only if you want an agent to help operate Postiz on real connected accounts. Before allowing create, delete, upload, connect, or bulk scheduling commands, require the agent to show the exact content, target accounts, integration IDs, schedule, and deletion target, and prefer drafts or test accounts first. Avoid putting long-lived API keys in shell profile files; use temporary exports or a secrets manager where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Medium
93% confidence
Finding
The AI-agent workflow explicitly iterates over every discovered tool and invokes each one automatically, without validating necessity, safety, or data sensitivity. In a system connected to live third-party integrations, this can cause over-collection of account metadata, unintended side effects from tool execution, and execution beyond the minimum permissions needed to create a post.

Missing User Warnings

Medium
93% confidence
Finding
This documentation encourages live and scheduled posting to multiple external platforms but does not clearly warn that commands will publish real content to connected third-party accounts and may affect production-facing social media presence. In an agent skill context, that omission is risky because an autonomous agent may treat the examples as harmless test actions and trigger irreversible posts, scheduled campaigns, or account-impacting activity.

Missing User Warnings

Medium
93% confidence
Finding
The guide instructs users to append a long-lived API key directly into shell startup files, which stores the secret in plaintext on disk and automatically exposes it to every future shell session. If the workstation, home directory backups, dotfiles repo, or local account are compromised, the API key can be recovered and abused to access the Postiz account or API.

Missing User Warnings

Low
88% confidence
Finding
Telling users to verify the variable with 'echo $POSTIZ_API_KEY' prints the full secret to the terminal, where it may be exposed via screen recording, shoulder surfing, terminal logging, scrollback retention, or copied command transcripts. While this does not itself exfiltrate the key, it unnecessarily increases secret exposure during normal troubleshooting.

Missing User Warnings

Medium
94% confidence
Finding
This section repeats advice to store the API key permanently in shell profile files and even source those files, normalizing plaintext credential persistence without discussing tradeoffs. Repetition increases the likelihood that users will adopt insecure secret handling practices, leaving the API key available to local compromise, backups, and accidental disclosure.

Missing User Warnings

Medium
84% confidence
Finding
The examples show complete posting commands against real integrations but do not warn that these actions can publish content to live external accounts. This increases the risk that users or agents copy-paste examples in production contexts and unintentionally post publicly to Reddit, YouTube, LinkedIn, or other connected services.

Missing User Warnings

Medium
92% confidence
Finding
The automated workflow instructs agents to enumerate tools and trigger them all, then print returned results, without warning that those results may contain private account metadata such as company IDs, playlists, communities, or other scoped resources. This broadens data exposure and encourages unnecessary retrieval and logging of sensitive integration data.

Missing User Warnings

Medium
91% confidence
Finding
The documentation provides ready-to-run commands for creating posts on external services but does not clearly warn that these actions may publish to real connected accounts immediately unless users explicitly choose draft or scheduled behavior. In an agent skill context, that omission increases the risk of unintended live posting, account misuse, reputational damage, and accidental disclosure of sensitive or unreviewed content.

Missing User Warnings

Medium
93% confidence
Finding
This documentation includes ready-to-run `postiz posts:create` examples that appear to perform real publishing actions across external platforms, but it does not clearly warn users that these commands may create live posts on connected accounts. In an agent skill context, examples are often reused verbatim by automation or copied by users, so the absence of a prominent safety warning increases the risk of unintended publication, reputational damage, or disclosure of draft content.

Missing User Warnings

Medium
95% confidence
Finding
The skill documents `postiz posts:delete <post-id>` with no warning, preview, or confirmation guidance, which can lead an agent or user to irreversibly delete scheduled or published content. In an automation context, a mistaken ID, stale context, or prompt injection could trigger destructive actions against a live social media workflow.

Missing User Warnings

Medium
89% confidence
Finding
The summary explicitly instructs users or agents to set an API key and use commands that create posts and upload media to external social-media accounts, but it provides no warning about account-impacting actions, privacy exposure, or the need for user confirmation. In an AI-agent context, this increases the risk of unintended posting, media disclosure, or misuse of connected accounts if the tool is invoked automatically.

VirusTotal

64/64 vendors flagged this skill as clean.