Mixpost
Mixpost is a self-hosted social media management software that helps you schedule and manage your social media content across multiple platforms including Facebook, Twitter/X, Instagram, LinkedIn, Pinterest, TikTok, YouTube, Mastodon, Google Business Profile, Threads, Bluesky, and more.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 5 · 3k · 11 current installs · 11 all-time installs
by@lao9s
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, declared env vars (MIXPOST_URL, MIXPOST_ACCESS_TOKEN, MIXPOST_WORKSPACE_UUID), and all curl examples consistently target the Mixpost API surface. There are no unrelated environment variables, binaries, or config paths required that would be out of scope for a social-media-management integration.
Instruction Scope
SKILL.md contains only concrete curl examples for Mixpost API endpoints (accounts, media, tags, posts, etc.) and a simple setup step to export the three required env vars. The instructions do not ask the agent to read arbitrary system files, other env vars, or send data to endpoints outside the user-provided MIXPOST_URL. Note: some examples show uploading a local file (curl -F file=@/path/to/...), which implies access to local files if executed — this is expected for media upload functionality but is worth awareness.
Install Mechanism
No install spec and no code files are included. This reduces the surface area — nothing will be downloaded or written to disk by an install step.
Credentials
The three required env vars are proportional to the skill's purpose. MIXPOST_ACCESS_TOKEN is declared as the primary credential. There are no unrelated secrets requested. One general caution: MIXPOST_URL is user-supplied and could point to any host, so the token and workspace UUID will be valid against whatever URL is provided.
Persistence & Privilege
always:false (good). disable-model-invocation:false means the agent can call the skill autonomously — this is the platform default and necessary for agent-driven tasks. Keep in mind that with valid credentials the agent (if permitted by runtime) could perform state-changing actions (create posts, upload media) on your Mixpost instance; this is expected behavior for this skill but should be acceptable only if you trust the agent and the token's scope.
Assessment
This skill appears coherent and only needs your Mixpost URL, an access token, and a workspace UUID. Before installing: (1) only point MIXPOST_URL to a Mixpost instance you control or trust — credentials are sent to that URL; (2) treat MIXPOST_ACCESS_TOKEN as sensitive and prefer a token with minimal privileges and an expiration if possible; (3) be aware that if the agent is allowed to invoke the skill autonomously it can create/publish posts and upload files using those credentials; (4) rotate the token if you later revoke the skill's access and monitor your Mixpost audit/logs for unexpected activity.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🗓️ Clawdis
EnvMIXPOST_URL, MIXPOST_ACCESS_TOKEN, MIXPOST_WORKSPACE_UUID
Primary envMIXPOST_ACCESS_TOKEN
SKILL.md
Mixpost Skill
Mixpost is a self-hosted social media management software that helps you schedule and manage your social media content across multiple platforms including Facebook, Twitter/X, Instagram, LinkedIn, Pinterest, TikTok, YouTube, Mastodon, Google Business Profile, Threads, Bluesky, and more.
Setup
- Navigate to your Mixpost dashboard
- Click on Access Tokens from the user menu
- Click Create to generate a new token
- Get your workspace UUID: Go to Social Accounts page, click the 3 dots menu on any account, and copy the workspace UUID
- Set environment variables:
export MIXPOST_URL="https://your-mixpost-instance.com/mixpost" export MIXPOST_ACCESS_TOKEN="your-access-token" export MIXPOST_WORKSPACE_UUID="your-workspace-uuid"
Test Connection
curl -X GET "$MIXPOST_URL/api/ping" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Accounts
Get all accounts
curl -X GET "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/accounts" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Get a specific account
curl -X GET "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/accounts/:accountUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Media
Get all media
curl -X GET "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/media?limit=50" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Get a specific media file
curl -X GET "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/media/:mediaUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Upload media (form-data)
curl -X POST "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/media" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json" \
-F "file=@/path/to/your/file.png"
Update media
curl -X PUT "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/media/:mediaUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"alt_text": "Alternative text for accessibility"
}'
Delete media
curl -X DELETE "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/media" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"items": ["media-id-1", "media-id-2"]
}'
Tags
Get all tags
curl -X GET "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/tags" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Get a specific tag
curl -X GET "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/tags/:tagUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Create a tag
curl -X POST "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/tags" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"name": "Marketing",
"hex_color": "#FF5733"
}'
Update a tag
curl -X PUT "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/tags/:tagUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"name": "Updated Tag Name",
"hex_color": "#00FF00"
}'
Delete a tag
curl -X DELETE "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/tags/:tagUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Posts
Get all posts
curl -X GET "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/posts?limit=50&status=scheduled&page=1" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Query Parameters:
limit(number, default: 50): Results per pagestatus:draft,scheduled,published,failed,needs_approval,trashkeyword(string): Search posts by contentaccounts(array): Filter by account IDstags(array): Filter by tag namespage(number): Page number for pagination
Get a specific post
curl -X GET "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/posts/:postUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Create a post
curl -X POST "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/posts" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"schedule": true,
"date": "2024-12-25",
"time": "10:00",
"timezone": "America/New_York",
"accounts": [1, 2],
"tags": [1],
"versions": [
{
"account_id": 0,
"is_original": true,
"content": [
{
"body": "Hello from Mixpost API!",
"media": [1, 2],
"url": "https://example.com"
}
],
"options": {}
}
]
}'
Post Options:
schedule: Set totrueto schedule for specific date/timeschedule_now: Set totrueto publish immediatelyqueue: Set totrueto add to publishing queue- If none are set, post is saved as draft
Platform-specific options:
{
"options": {
"facebook_page": {
"type": "post" // post, reel, story
},
"instagram": {
"type": "post" // post, reel, story
},
"linkedin": {
"visibility": "PUBLIC" // PUBLIC, CONNECTIONS
},
"mastodon": {
"sensitive": false // boolean
},
"pinterest": {
"link": null, // null | string
"title": "", // string
"boards": {
"account-1": "971672010430333260" // The key `account-*` is the ID of your Pinterest account
}
},
"youtube": {
"title": null, // null | string
"status": "public" // public, private, unlisted
},
"gbp": { // Google Business Profile
"type": "post", // post, offer, event
"button": "NONE", // NONE, BOOK, ORDER, SHOP, LEARN_MORE, SIGN_UP, CALL
"button_link": "", // Leave empty if button is NONE or CALL
"offer_has_details": false, // Only applies if type is offer
"coupon_code": "", // Only applies if type is offer and offer_has_details is true
"offer_link": "", // Only applies if type is offer and offer_has_details is true
"terms": "", // Only applies if type is offer and offer_has_details is true
"event_title": "", // Only applies if type is event or offer
"start_date": null, // null | string - Only applies if type is event or offer
"end_date": null, // null | string - Only applies if type is event or offer
"event_has_time": false, // Only applies if type is event
"start_time": "09:00", // Only applies if type is event and event_has_time is true
"end_time": "17:00" // Only applies if type is event and event_has_time is true
},
"tiktok": {
"privacy_level": {
"account-2": "PUBLIC_TO_EVERYONE" // PUBLIC_TO_EVERYONE, MUTUAL_FOLLOW_FRIENDS, SELF_ONLY - The key `account-*` is the ID of your TikTok account
},
"allow_comments": {
"account-2": true // boolean
},
"allow_duet": {
"account-2": false // boolean
},
"allow_stitch": {
"account-2": false // boolean
},
"content_disclosure": {
"account-2": false // boolean
},
"brand_organic_toggle": {
"account-2": false // boolean
},
"brand_content_toggle": {
"account-2": false // boolean
}
}
}
}
Update a post
curl -X PUT "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/posts/:postUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"content": "Updated post content",
"schedule_at": "2024-12-25T10:00:00Z",
"media": ["url1", "url2"],
"tags": ["tag1", "tag2"],
"account_ids": ["id1", "id2"]
}'
Delete a post
curl -X DELETE "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/posts/:postUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"trash": false,
"delete_mode": "app_only"
}'
Delete modes:
app_only: Delete only from the app (default)app_and_social: Delete from both app and social mediasocial_only: Delete only from social media platforms
Delete multiple posts
curl -X DELETE "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/posts" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"posts": ["post-uuid-1", "post-uuid-2"],
"trash": false,
"delete_mode": "app_only"
}'
Schedule a post
curl -X POST "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/posts/schedule/:postUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"postNow": false
}'
Add post to queue
curl -X POST "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/posts/add-to-queue/:postUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Approve a post
curl -X POST "$MIXPOST_URL/api/$MIXPOST_WORKSPACE_UUID/posts/approve/:postUuid" \
-H "Authorization: Bearer $MIXPOST_ACCESS_TOKEN" \
-H "Accept: application/json"
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…