ℹ Purpose & Capability
The name/description and SKILL.md consistently target the Postiz API and social posting workflows, and the included helper scripts align with that purpose. However, the skill declares no required credentials or primaryEnv even though the instructions require authenticating to a Postiz instance. That omission is a design inconsistency.
! Instruction Scope
The runtime instructions direct the agent to run curl commands against https://postiz.home.mykuhlmann.com and to save cookies to /tmp/postiz-cookies.txt. SKILL.md contains a hard-coded login example that includes an email address and a plaintext password (sascha@mykuhlmann.com / Postiz2026!). Shipping live credentials in the skill's documentation is unsafe: they can be used by the agent or by anyone who copies the examples. The instructions also direct the agent to upload local files and read local paths (e.g., /path/to/image.png); this is expected for the skill's purpose, but it means the skill interacts with the user's filesystem and with an external host.
ℹ Install Mechanism
No install spec is provided (instruction-only), which reduces installer risk. However, the package does include two Python scripts (scripts/post.py and scripts/check_duplicates.py). The presence of on-disk scripts is consistent with the 'helper script' claim, but those files should be reviewed for network calls, subprocess execution, and any file-system or credential-handling behavior before trusting them.
! Credentials
The skill declares no required environment variables or primary credential, yet the workflow requires authenticating to a Postiz instance (cookies or credentials) to operate. Example credentials are embedded in SKILL.md rather than being defined as required/optional env vars or secrets, which is poor practice and risks accidental credential reuse or leakage. The skill does not request unrelated cloud credentials, but the lack of explicit credential handling falls short of what secure usage requires.
! Persistence & Privilege
The skill does not set always:true or disableModelInvocation:true, so the default is that the model may invoke it autonomously when eligible. Because the skill's instructions perform network operations against an external host and can upload media/read local file paths, allowing autonomous invocation plus external API access increases the risk of unintended data transmission. Consider disabling autonomous invocation or restricting the skill if you do not want the model to make external API calls without an explicit prompt.
What to consider before installing
Do not install blindly. Specific recommendations:
- Inspect the two included scripts (scripts/post.py and scripts/check_duplicates.py) before installing: search for network calls, subprocess or os.system calls, hard-coded secrets, and code that reads arbitrary files or posts data to remote hosts.
- Treat the hard-coded credential in SKILL.md (sascha@mykuhlmann.com / Postiz2026!) as sensitive: assume it may be live. If you or your team used these credentials, rotate them immediately. If you copy examples, replace credentials with environment variables or prompt-based input.
- Ask the publisher for a source repository or homepage; lack of origin reduces trust. If you cannot verify the source, run the skill in an isolated environment or sandbox.
- Require the skill to declare required credentials (e.g., POSTIZ_EMAIL, POSTIZ_PASSWORD or an API token) instead of embedding them in docs, and prefer using an API token scoped to the account.
- If you do not want automatic network calls, set disableModelInvocation:true for this skill or only use it via explicit user-invocation.
- If you want further help, paste the contents of scripts/post.py and scripts/check_duplicates.py so they can be reviewed for risky patterns (shell execution, arbitrary remote hosts, secret exfiltration).
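One way to carry out the script inspection recommended above, as an added example that is not part of this review or of the skill: an AST-based checker that flags network imports, shell execution, hard-coded secret assignments, remote hosts named in string literals, and file access. The SAMPLE script, its host name and its password are constructed placeholders, not values from the skill.

```python
import ast, re
# Patterns the review recommends searching helper scripts for before trusting them.
NETWORK_MODULES = {"requests", "urllib", "urllib3", "http", "httpx", "socket", "aiohttp"}
EXEC_MODULES = {"subprocess", "os", "pty"}
EXEC_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
              "subprocess.call", "subprocess.check_output", "eval", "exec"}
SECRET_RE = re.compile(r"pass(word)?|secret|token|api[_-]?key|cookie", re.I)
URL_RE = re.compile(r"https?://[^\s'\"]+")

def _dotted(node):
    # Flatten a Name/Attribute chain such as os.system into the string "os.system".
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def review_script(source):
    """Return sorted (lineno, kind, detail) findings for one helper script's source."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            mods = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            for mod in mods:
                if mod.split(".")[0] in NETWORK_MODULES:
                    findings.add((node.lineno, "network-import", mod))
                if mod.split(".")[0] in EXEC_MODULES:
                    findings.add((node.lineno, "exec-import", mod))
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in EXEC_CALLS:
                findings.add((node.lineno, "exec-call", name))
            elif name == "open":
                findings.add((node.lineno, "file-access", name))
        elif isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:  # e.g. POSTIZ_PASSWORD = "..." as a literal in source
                if isinstance(target, ast.Name) and SECRET_RE.search(target.id):
                    findings.add((node.lineno, "hardcoded-secret", target.id))
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in URL_RE.findall(node.value):  # any remote host named in a string literal
                findings.add((node.lineno, "remote-host", url))
    return sorted(findings)
# Constructed sample of a skill helper script; the host name and secret are placeholders.
SAMPLE = '''import os, requests
POSTIZ_PASSWORD = "constructed-placeholder"
r = requests.post("https://postiz.example.invalid/api/login", json={})
os.system("ls /tmp")
data = open("/path/to/image.png", "rb").read()
'''
```

Run review_script over the text of each bundled script; an empty result means none of the listed patterns appeared, not that the script is safe, so still read anything it flags in context.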