Is lao9s/mixpost safe?
https://github.com/openclaw/skills/tree/main/skills/lao9s/mixpost
The lao9s/mixpost skill is a clean, documentation-only API reference for the Mixpost self-hosted social media management platform. It contains no executable code, no prompt injection vectors, no data exfiltration instructions, and passed all canary integrity checks. The only notable risk is inherent to the skill's legitimate purpose: when active, it enables an agent to create, publish, and irreversibly delete social media content across up to 13 platforms simultaneously.
Findings (3)
INFO Pre/post-install canary accesses are audit-framework artifacts 0
Sensitive credential files were opened in syscall logs at two timestamps symmetrically bracketing the install. Cross-referencing EXECVE timestamps confirms both access events were the Oathe audit harness performing its canary baseline and post-install integrity checks, not the skill under test. All canary files were confirmed intact.
LOW Multi-platform social media publishing and deletion capability -12
The skill provides full CRUD access to social media content across 13 platforms via a self-hosted Mixpost instance. An agent operating under ambiguous instructions could publish or delete content at scale. The delete_mode 'app_and_social' option is particularly irreversible. Risk is proportional to the breadth of connected social accounts and is inherent to the skill's stated purpose.
INFO No executable code present 0
The skill consists entirely of markdown documentation. No scripts, hooks, install triggers, or runnable code are present anywhere in the skill package.