← Back to Skills Marketplace
257
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install posta
Description
Post to Instagram, TikTok, LinkedIn, YouTube, X/Twitter, Facebook, Pinterest, Threads and Bluesky from your terminal. Create posts with AI-generated images a...
Usage Guidance
This skill appears to do what it claims: manage Posta accounts and optionally call AI services for content. Before installing: 1) Only provide POSTA_API_TOKEN if you trust the Posta service; tokens are cached in /tmp for the session so revoke them if exposed. 2) Be aware the helper reads ~/.posta/credentials and .env/.env.local/.env.production in the working directory for exact variable names (it will not read other files), so avoid storing unrelated secrets in those files in projects you use with this skill. 3) The docs inconsistently mention searching shell profiles; in practice the shipped script does not read ~/.bashrc or ~/.zshrc — verify the version you install if this matters. 4) If you enable AI generation, you’ll need to supply FIREWORKS_API_KEY / GEMINI_API_KEY / OPENAI_API_KEY and the skill will make network calls to those external APIs. 5) Review the GitHub source (homepage) if you want additional assurance; revoke any tokens you test with if you suspect exposure.
Capability Analysis
Type: OpenClaw Skill
Name: posta
Version: 1.2.2
The 'posta' skill is a social media management tool designed to interact with the Posta API. It provides comprehensive bash helper functions in 'scripts/posta-api.sh' for managing posts, media, and analytics across multiple platforms. The skill includes proactive security measures, such as SSRF protection for URL-based media uploads and a credential discovery mechanism that is restricted to specific files (~/.posta/credentials, .env) and specific variable names. The instructions in 'SKILL.md' emphasize user confirmation and safety, and no evidence of malicious behavior, data exfiltration, or unauthorized execution was found.
Capability Assessment
Purpose & Capability
Name/description (social posting, scheduling, analytics, AI image/text generation) align with required binaries (curl, jq), the single primary credential (POSTA_API_TOKEN), and the helper scripts which call the Posta API and optional AI provider APIs.
Instruction Scope
The SKILL.md and scripts limit actions to calling the Posta API, uploading media via signed URLs, and optionally calling Fireworks/Gemini/OpenAI for generation. The helper script reads a small, explicit list of credential files and environment variables. Minor inconsistency: some docs/examples claim the skill searches shell profiles (~/.zshrc, ~/.bashrc), but the actual script's _POSTA_CREDENTIAL_SOURCES does not include those files (the script only checks ~/.posta/credentials and specific .env files). This mismatched documentation should be clarified but does not change the overall scope.
Install Mechanism
Instruction-only skill with shipped helper scripts (no network install, no arbitrary downloads). No install spec that fetches external archives or runs unknown installers.
Credentials
Primary required env is POSTA_API_TOKEN (appropriate). Optional vars (FIREWORKS_API_KEY, GEMINI_API_KEY, OPENAI_API_KEY, POSTA_BASE_URL) are reasonable for AI generation and alternate API endpoints. The script will read the declared .env files and ~/.posta/credentials for these exact variable names only — this is expected, but users should be aware that .env files in the working directory will be inspected for those variables.
Persistence & Privilege
No special platform privileges requested. Token caching is local to /tmp. always is false and the skill does not modify other skills or system-wide configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install posta - After installation, invoke the skill by name or use
/posta - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.2
Remove shell profile access, add HTTPS URL validation, require user consent for hashtags
v1.2.1
Add SECURITY.md, harden credential discovery for scanner review, bump version
v1.2.0
ClawHub metadata, improved description, TikTok privacy level requirement
v1.1.0
Initial release
Metadata
Frequently Asked Questions
What is Posta?
Post to Instagram, TikTok, LinkedIn, YouTube, X/Twitter, Facebook, Pinterest, Threads and Bluesky from your terminal. Create posts with AI-generated images a... It is an AI Agent Skill for Claude Code / OpenClaw, with 257 downloads so far.
How do I install Posta?
Run "/install posta" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Posta free?
Yes, Posta is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Posta support?
Posta is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Posta?
It is built and maintained by STGime (@stgime); the current version is v1.2.2.
More Skills