Trust Assessment
social-scheduler-extended received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Insecure storage of API session cookies in /tmp, Potential data exfiltration through local file upload, Potential command injection via helper script arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential data exfiltration through local file upload The skill provides an example `curl` command for uploading media from a local file path (`-F 'file=@/path/to/image.png'`). If an AI agent uses this pattern and allows a user to specify an arbitrary file path, it could be exploited to exfiltrate sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, configuration files) from the agent's execution environment to the `your-postiz-instance.com` server. This poses a significant data exfiltration risk. Implement strict validation and sanitization of file paths provided by users. Restrict file uploads to specific, non-sensitive directories or use a file picker interface that prevents arbitrary path input. Avoid allowing the LLM to construct file paths directly from untrusted user input. | LLM | SKILL.md:149 | |
| MEDIUM | Insecure storage of API session cookies in /tmp The skill's documentation demonstrates storing API session cookies in `/tmp/postiz-cookies.txt`. The `/tmp` directory is a common location for temporary files and is often world-writable, making any sensitive data stored there vulnerable to other processes or users on the system. This could lead to session hijacking or unauthorized access to the Postiz API if the cookie is compromised. Store session cookies in a more secure, user-specific, and permission-restricted location (e.g., `~/.config/postiz/cookies.txt` with `0600` permissions) or use a secure credential store provided by the operating system or agent framework. | LLM | SKILL.md:38 | |
| MEDIUM | Potential command injection via helper script arguments The skill mentions a helper script `scripts/post.py` that takes user-controlled input via arguments like `--content`. If this script constructs and executes shell commands (e.g., `curl` commands) using these arguments without proper sanitization or shell escaping, it could be vulnerable to command injection. An attacker could embed malicious shell commands within the `--content` argument, leading to arbitrary code execution in the agent's environment. The source code for `post.py` is not provided, so the exact exploit path cannot be confirmed, but the pattern presents a credible risk. Review the `scripts/post.py` source code. Ensure all user-provided arguments are properly sanitized and shell-escaped before being used in any shell command execution (e.g., using `shlex.quote` in Python) or prefer using library functions that do not involve shell execution (e.g., `requests` library for HTTP calls instead of `subprocess.run('curl ...')`). | LLM | SKILL.md:213 |
Scan History
Embed Code
[](https://skillshield.io/report/a4fda3e1d67ccf19)
Powered by SkillShield