ClawAudit verdict

postai-automation

45
🟠 Risky
Significant concerns — only install if you understand the risks

The skill deals with automation of social media content creation and posting, involving credentials which could be sensitive.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

security: 88
transparency: 50
maintenance: 80

Findings (3)

Coarse signal — prose, single-step high

Instruction-prose smuggling shape detected: collects a sensitive target ("credentials") and emits it outward ("POST"). Phrased as prose with no trigger tokens — a semantic prompt-injection / data-exfil pattern the syntactic scanners can't see. Final tier capped at Caution; review the instructions before installing.

SKILL.md · 1. Purchase POST AI: https://postai.myscalev.com/ 2. Extract credentials from email/confirmation 3. Copy `config.example.json` to `config.json` 4. Fill in your

Pattern match medium

subprocess execution — runs system commands from Python

scripts/batch_process.py · prose · downgraded · subprocess.run(

Pattern match low

Python urllib.request — network access

scripts/batch_process.py · prose · downgraded · urllib.request

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

network_incredential_access
