postiz-extended Security Audit Report
postiz-extended is an AI agent skill, created by coolmanns and published at openclaw/skills. ClawSecure audited postiz-extended across 4 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 23 findings concentrate in Data Exfiltration, Transitive Trust Abuse and Policy Violation, including Script accesses environment variables and makes network calls in... and Script accesses environment variables and makes network calls in.... 6 were rated high or critical severity.
Is postiz-extended safe?
ClawSecure audited postiz-extended and assigned a security score of 0/100 (High Risk), identifying 23 findings across Data Exfiltration and Transitive Trust Abuse. Review the findings below before installing.
What did ClawSecure find in postiz-extended?
ClawSecure identified 23 findings in postiz-extended, concentrated in Data Exfiltration, Transitive Trust Abuse and Policy Violation. 6 were rated high or critical severity. The most severe include Script accesses environment variables and makes network calls in... and Script accesses environment variables and makes network calls in....
How was postiz-extended audited?
ClawSecure ran postiz-extended through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 4 files from openclaw/skills.
What does a score of 0 mean?
ClawSecure assigned postiz-extended a security score of 0/100, placing it in the High Risk range. This is driven by 23 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).
Audit Findings for postiz-extended
ClawSecure detected 23 security findings in postiz-extended, spanning Data Exfiltration, Transitive Trust Abuse, Policy Violation and Unauthorized Tool Use.
- critical · Script accesses environment variables and makes network calls in.... Data Exfiltration finding detected in
/tmp/url-scans/8f65ed2fd2013175/scripts/post.py. - critical · Script accesses environment variables and makes network calls in.... Data Exfiltration finding detected in
/tmp/url-scans/8f65ed2fd2013175/scripts/check_duplicates.py. - critical · Multi-file exfiltration chain detected: scripts/post.py,.... Data Exfiltration finding.
- critical · Environment variable access with network calls in scripts/post.py,.... Data Exfiltration finding.
- high · Pattern detected: open(cookie_path). Data Exfiltration finding detected in
scripts/post.py:106. - high · Pattern detected: open(cookie_path). Data Exfiltration finding detected in
scripts/post.py:106. - medium · Pattern detected: import requests. Data Exfiltration finding detected in
scripts/post.py:43. - medium · Pattern detected: import requests. Data Exfiltration finding detected in
scripts/check_duplicates.py:28. - medium · Skill code uses network libraries but doesn't declare network.... Unauthorized Tool Use finding.
- medium · Pattern detected: import requests. Data Exfiltration finding detected in
scripts/post.py:43. - medium · Pattern detected: import requests. Data Exfiltration finding detected in
scripts/check_duplicates.py:28. - medium · Detects indirect prompt injection via instruction manipulation from.... Transitive Trust Abuse finding detected in
SKILL.md:231.
Showing the 12 highest-severity of 23 findings. The full interactive list appears below.
3-Layer Audit Protocol
Security Recommendations for postiz-extended
Audit external network connections
Resolve policy violations
Add a config.json permissions manifest
Related Security Research
ClawHavoc Explained: The Malware Family Targeting AI Agents→Beyond Static Scans: Why ClawSecure Verifies Agentic Intent→Related AI Agent Security Audits
Scanned on February 7, 2026. postiz-extended is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.