← Back to Scanner

postiz-extended Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

postiz-extended is an AI agent skill, created by coolmanns and published at openclaw/skills. ClawSecure audited postiz-extended across 4 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 23 findings concentrate in Data Exfiltration, Transitive Trust Abuse and Policy Violation, including Script accesses environment variables and makes network calls in... and Script accesses environment variables and makes network calls in.... 6 were rated high or critical severity.

Is postiz-extended safe?

ClawSecure audited postiz-extended and assigned a security score of 0/100 (High Risk), identifying 23 findings across Data Exfiltration and Transitive Trust Abuse. Review the findings below before installing.

What did ClawSecure find in postiz-extended?

ClawSecure identified 23 findings in postiz-extended, concentrated in Data Exfiltration, Transitive Trust Abuse and Policy Violation. 6 were rated high or critical severity. The most severe include Script accesses environment variables and makes network calls in... and Script accesses environment variables and makes network calls in....

How was postiz-extended audited?

ClawSecure ran postiz-extended through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 4 files from openclaw/skills.

What does a score of 0 mean?

ClawSecure assigned postiz-extended a security score of 0/100, placing it in the High Risk range. This is driven by 23 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for postiz-extended

ClawSecure detected 23 security findings in postiz-extended, spanning Data Exfiltration, Transitive Trust Abuse, Policy Violation and Unauthorized Tool Use.

Showing the 12 highest-severity of 23 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for postiz-extended

Audit external network connections
postiz-extended sends data to external endpoints. Confirm each destination is expected and authorized, and remove any callback that exfiltrates data. ClawSecure monitors for known exfiltration and C2 endpoints.
Resolve policy violations
postiz-extended trips ClawSecure policy checks. Review each flagged pattern against your security policy and remediate or document an accepted exception before production use.
Add a config.json permissions manifest
A config.json file declares what an agent component can access: file system, network, shell execution and more. Without it, users have no visibility into what the component can do before installing. This is the single most impactful security improvement for any AI agent skill.

Related Security Research

ClawHavoc Explained: The Malware Family Targeting AI AgentsBeyond Static Scans: Why ClawSecure Verifies Agentic Intent

Related AI Agent Security Audits

qiaomu-mondo-poster-designScore 0/100proactive-agentScore 0/100zoho-email-integrationScore 0/100zoho-email-integrationScore 0/100korea-metropolitan-bus-alertsScore 0/100

Scanned on February 7, 2026. postiz-extended is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan