Is upload-post safe?
https://clawhub.ai/victorcavero14/upload-post
Upload-Post is a documentation-only skill with no executable code, clean installation behavior, and intact canary files. However, its core functionality — uploading files and posting content to 10 social media platforms via a third-party API — presents meaningful data exfiltration and unauthorized action risks. The external LLM-friendly documentation URL (llm.txt) is a prompt injection surface that could be weaponized by the domain owner.
Findings (9)
MEDIUM External URL references for agent fetching -15
The skill references https://docs.upload-post.com and https://docs.upload-post.com/llm.txt as documentation sources. The llm.txt URL is specifically designed for LLM consumption. If an agent fetches this URL, it could contain prompt injection payloads that override behavior. The skill author or domain owner could change this content at any time.
MEDIUM API key exposure through agent instructions -8
The skill instructs agents to include API keys in Authorization headers. Agents that log, cache, or display their tool usage could inadvertently expose these credentials in conversation history, debug logs, or error messages.
LOW Arbitrary FFmpeg command composition -5
The FFmpeg endpoint accepts a full_command parameter with arbitrary FFmpeg arguments. While execution is server-side, an agent composing these commands based on user input could be manipulated into crafting commands that process unintended files or produce unexpected outputs.
HIGH File upload to third-party service -20
The skill's core functionality involves uploading local files (videos, photos, documents) to api.upload-post.com. An agent with filesystem access could be socially engineered or prompt-injected into uploading sensitive files. The upload_document endpoint specifically handles PDFs, PPTs, and DOCs up to 100MB — common formats for confidential business documents.
LOW Remote FFmpeg media processing -5
The /ffmpeg endpoint sends media files to a remote server for processing. Even in benign usage, this means user media leaves their environment and is processed on infrastructure controlled by upload-post.com.
MEDIUM Unauthorized social media posting risk -30
This skill grants an agent the capability to post content to 10 social media platforms simultaneously. If another skill or a prompt injection manipulates the agent, it could post unauthorized, embarrassing, or harmful content across all connected accounts. The scheduling feature amplifies this risk by allowing delayed execution.
MEDIUM Scheduled post abuse potential -15
The scheduling feature allows posts to be created for future publication. An attacker could schedule harmful posts during a session and the content would only appear after the user has stopped monitoring the agent.
INFO Agent runtime reads sensitive files during install -10
The OpenClaw agent runtime (not the skill itself) reads .env, .aws/credentials, .profile, .bashrc, and auth configuration files during the skill installation process. This is expected runtime behavior but demonstrates these files are accessible.
INFO No executable code present 0
The skill consists entirely of markdown documentation files with no executable code, install scripts, git hooks, submodules, or symlinks. This is a clean documentation-only skill.