Back to plugin

Security audit

Postzee — AI Social Media Studio

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, instructions, and configuration align with its stated purpose: it asks for a Postzee API key in the plugin config and only calls Postzee's public API to generate media and post to connected channels.

This plugin appears to do what it says: it needs your Postzee API key in the OpenClaw plugin config and then calls Postzee's API to generate media and post to channels. Before installing: 1) Confirm you trust Postzee and that the API key you provide has only the necessary scope; 2) Be aware the SKILL.md allows automated generate-and-post flows (the agent may perform generate+publish sequences when intent is clear) — if you need manual approval before publishing, plan to require confirmations or adjust agent behavior; 3) Monitor credits to avoid unexpected charges; 4) If you want extra assurance, review the plugin source (dist/index.js / src/index.ts) yourself to verify the API endpoints and header usage (it posts to api.postzee.app and sends the configured API key in the Authorization header).

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.