← Back to Skills Marketplace
Postavel
by
Vladimir Nikolic
· GitHub ↗
· v1.5.0
610
Downloads
0
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install postavel
Description
Connect to Postavel social media management platform via MCP (Model Context Protocol). Create, schedule, and manage social media posts across Facebook, Insta...
Usage Guidance
This skill appears coherent for connecting an AI assistant to Postavel via an MCP client. Before installing: (1) verify that https://postavel.com is the legitimate service you expect; (2) prefer running the included local script (~/.openclaw/workspace/skills/postavel/scripts/setup-mcp.sh or scripts/install-mcp.sh) after inspecting it instead of piping a remote URL directly to bash; (3) avoid running installation commands with sudo unless required and inspect any binary downloaded to /usr/local/bin; (4) be aware the flow opens your browser for OAuth and stores tokens in ~/.config/mcporter — you can revoke access later from Postavel settings; (5) if uncertain about mcporter, install it from its official upstream (Homebrew, npm, or GitHub releases) instead of a site-hosted installer.
Capability Analysis
Type: OpenClaw Skill
Name: postavel
Version: 1.5.0
The skill is classified as suspicious primarily due to the high-risk installation method described in `SKILL.md` and implemented in `scripts/install-mcp.sh`. The instruction `curl -fsSL https://postavel.com/install-mcp | bash` combined with the script's use of `sudo curl -L -o /usr/local/bin/mcporter` for binary download represents a significant supply chain vulnerability. If `postavel.com` were compromised, an attacker could replace the installation script with arbitrary malicious code, leading to remote code execution with elevated privileges on the user's system. While the current script content is benign and aims to install a legitimate tool, this method creates a critical attack surface. There are no direct prompt injection attempts with malicious intent in `SKILL.md`, nor any other clear indicators of intentional malware like data exfiltration or persistence.
Capability Assessment
Purpose & Capability
Name/description match the actions requested: the skill connects to Postavel via MCP, uses an MCP client (mcporter), and lists/creates/schedules posts. No unrelated credentials, binaries, or behaviors are requested.
Instruction Scope
SKILL.md stays within the stated purpose: it instructs installing/configuring mcporter, running OAuth in the browser, and then calling Postavel MCP operations. It does not ask the agent to read unrelated system files or exfiltrate data. The instructions do include an inline curl | bash installer and commands that run mcporter and write ~/.config/mcporter/postavel.json (expected for this integration).
Install Mechanism
No package is forced by the skill itself (instruction-only), but the docs and scripts recommend installing mcporter via Homebrew/npm or a direct download from GitHub releases. SKILL.md also suggests running curl -fsSL https://postavel.com/install-mcp | bash — a convenient but higher-risk pattern. The included scripts mirror the same steps, and direct downloads point to GitHub releases (reasonable).
Credentials
The skill declares no required env vars or credentials. Reference docs mention optional MCPORTER_POSTAVEL_* env vars for convenience, which are proportionate to an MCP client. OAuth tokens are stored locally under ~/.config/mcporter as described — expected for this flow.
Persistence & Privilege
always:false and no attempt to modify other skills or system-wide agent settings. The skill writes a mcporter config into the user's ~/.config/mcporter/ (normal for this client) and launches an OAuth flow. This is expected and proportionate.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install postavel - After installation, invoke the skill by name or use
/postavel - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.0
Fix mcporter workflow: use config add + auth, not auth URL directly
v1.4.0
Fix MCP setup: use correct mcporter auth syntax, simplify to 2 steps
v1.3.0
Simplify setup: one-command installer, automatic PATH detection, handles edge cases
v1.2.0
Add interactive first-time setup detection and guided mcporter configuration
v1.1.0
Add automated setup script and detailed MCP configuration guide
v1.0.0
Initial release of the Postavel skill with Model Context Protocol (MCP) support.
- Connect to Postavel and manage social media content across Facebook, Instagram, and LinkedIn.
- Create, schedule, and approve posts; review content calendars and post statuses.
- Support for listing workspaces, clients, brands, and connected platforms.
- Handles role-based permissions and approval workflows.
- Works with prompts in English, Serbian/Croatian, and German.
- Guides first-time setup, authentication, and troubleshooting.
Metadata
Frequently Asked Questions
What is Postavel?
Connect to Postavel social media management platform via MCP (Model Context Protocol). Create, schedule, and manage social media posts across Facebook, Insta... It is an AI Agent Skill for Claude Code / OpenClaw, with 610 downloads so far.
How do I install Postavel?
Run "/install postavel" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Postavel free?
Yes, Postavel is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Postavel support?
Postavel is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Postavel?
It is built and maintained by Vladimir Nikolic (@nezaboravi); the current version is v1.5.0.
More Skills