Trust Assessment
postiz received a trust score of 64/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 3 medium, and 1 low severity. Key findings include Suspicious import: requests, Arbitrary Local File Upload Leading to Data Exfiltration, Excessive File System Access for Media Upload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary Local File Upload Leading to Data Exfiltration The `scripts/post.py` skill allows uploading media files specified by a local file path. If an attacker can control the `--image` argument passed to this script (e.g., via prompt injection to the agent), they could instruct the agent to upload arbitrary files from its local filesystem to the configured `POSTIZ_URL`. This could lead to the exfiltration of sensitive data such as configuration files, private keys, or other skill files. Implement strict validation and sanitization for the `file_path` argument. Restrict file uploads to a designated, isolated directory (e.g., a temporary upload sandbox) and prevent directory traversal (`../`). Alternatively, consider using a tool-specific file picker or content ID instead of direct file paths to limit filesystem access. | LLM | scripts/post.py:139 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/coolmanns/postiz-extended/scripts/check_duplicates.py:28 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/coolmanns/postiz-extended/scripts/post.py:43 | |
| MEDIUM | Excessive File System Access for Media Upload The `scripts/post.py` skill's `upload_media` function can open and read any file on the local filesystem if its path is provided as an argument. While directly related to the data exfiltration finding, this highlights an excessive permission granted to the skill. A social media posting skill should ideally not have broad read access to arbitrary files on the agent's host system, especially for media uploads which should be confined to specific, user-provided content. Limit the scope of file system access for media uploads. Instead of accepting arbitrary file paths, consider mechanisms that allow the agent to specify content from a restricted set of known, safe locations or through a more controlled input method that doesn't expose the full file system. | LLM | scripts/post.py:139 | |
| LOW | Sensitive Information Stored in World-Writable /tmp Directory Both `scripts/check_duplicates.py` and `scripts/post.py` store authentication cookies in `/tmp/postiz-cookies.txt`. The `/tmp` directory is typically world-writable, meaning other processes or users on the same system might be able to read these cookies. While the skill itself uses these cookies for legitimate authentication, their storage in a globally accessible temporary directory could pose a risk in multi-user or less isolated environments, potentially allowing other processes to hijack the session. Store sensitive files like session cookies in a more secure, user-specific, and permission-restricted directory (e.g., `~/.config/postiz/cookies.txt` with `0600` permissions) or use an in-memory session if persistent storage is not strictly required. If `/tmp` must be used, ensure the file is created with restrictive permissions (e.g., `os.umask(0o077)` before file creation). | LLM | scripts/check_duplicates.py:20 |
Scan History
Embed Code
[](https://skillshield.io/report/cdb2e8989aecde6a)
Powered by SkillShield