ClawHub

Postavel

Security checks across malware telemetry and agentic risk

Overview

Postavel appears purpose-built for social media management, but it needs review because installation and publishing workflows carry high-impact risks without enough safeguards.

Install only if you trust Postavel and mcporter. Prefer Homebrew or npm over the curl-to-bash installer, avoid the sudo direct-download fallback unless you can verify the binary, and use a least-privileged Postavel account. Require explicit confirmation before publishing, scheduling, auto-approving, bulk-approving, or deleting posts, and avoid placing OAuth tokens in shell environment variables unless you understand the exposure risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs users to run shell commands for installation, configuration, authentication, and troubleshooting, but the skill metadata does not declare shell capability. That mismatch hides the true operational surface of the skill and can lead an agent or user to execute commands without an explicit permission boundary or review expectation.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The documentation tells the user to execute a remote installer directly from the network via a shell pipeline. This bypasses normal inspection and integrity verification, so compromise of the hosting site, CDN, or transport path could result in arbitrary code execution on the user's machine.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The installer goes beyond simply configuring a social-media MCP connection: it installs software via Homebrew or npm and may download a binary into /usr/local/bin. That broadens the trust boundary and can modify the host system in ways not clearly implied by the skill description, increasing supply-chain and host-integrity risk if any upstream source is compromised.

Context-Inappropriate Capability

Low
Confidence
80% confidence
Finding
The script automatically launches an OAuth authentication flow, which causes the user to authenticate an external service account and may grant persistent access tokens. Even though OAuth is expected for this type of integration, silently initiating it without prior disclosure or confirmation can surprise users and increase phishing or over-permission risks.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation phrases are broad and include generic terms like "social media," "create post," and platform names, which can cause the skill to trigger in contexts where the user did not intend to access Postavel. Because this skill can perform impactful actions such as publishing or approving posts, unintended activation raises the risk of confused-deputy behavior and accidental account actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises impactful capabilities like creating, scheduling, and approving posts without a prominent warning that these actions can publish content to real social accounts or advance approval workflows. In this context, omission of explicit caution increases the chance of accidental brand-impacting actions from ambiguous user requests.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The tool reference exposes a destructive delete_post capability but provides no guidance to require explicit user confirmation or to warn about irreversible removal before invoking it. In an agentic context, this increases the risk of accidental or prompt-induced deletion of scheduled or draft content, causing business disruption or loss of work.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide explicitly recommends exporting an OAuth access token as an environment variable, which increases the chance of credential exposure through shell history, process inspection, debug output, CI logs, or inherited subprocess environments. In the context of a social media management skill, compromise of this token could allow unauthorized access to connected Postavel accounts and downstream posting capabilities across linked platforms.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script performs privileged installation steps and writes persistent configuration under the user's home directory without an interactive confirmation prompt. This is dangerous because a one-line installer can make lasting host changes and elevate privileges before the user has a clear chance to review what will happen.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
The AI assistant respects Postavel's permission system:

| Role | Can Create | Can Approve | Can Auto-Approve |
|------|-----------|-------------|------------------|
| **Owner** | ✅ | ✅ | ✅ |
| **Admin** | ✅ | ✅ | ✅ |
Confidence
81% confidence
Finding
Auto-Approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- `status` (optional): 'draft', 'scheduled', or 'published' (default: 'draft')
- `scheduled_at` (optional): ISO 8601 datetime (required if status='scheduled')
- `media_urls` (optional): Array of external image/video URLs
- `auto_approve` (optional): boolean - Immediately approve (admin/owner only)

**Use when:** User wants to create a social media post
Confidence
91% confidence
Finding
auto_approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**Important:** 
- One post can target multiple platforms
- Posts require approval before publishing (unless auto_approve=true and user has permissions)

---
Confidence
88% confidence
Finding
auto_approve

External Script Fetching

High
Category
Supply Chain
Content
### Alternative: Install Script

```bash
curl -fsSL https://postavel.com/install-mcp | bash
```

### Troubleshooting
Confidence
99% confidence
Finding
curl -fsSL https://postavel.com/install-mcp | bash

Chaining Abuse

High
Category
Tool Misuse
Content
### Alternative: Install Script

```bash
curl -fsSL https://postavel.com/install-mcp | bash
```

### Troubleshooting
Confidence
99% confidence
Finding
| bash

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal