postiz

Warn

Audited by Socket on Jun 7, 2026

1 alert found:

Anomaly
AnomalyLOW
crawlchat.js

This module is a straightforward third-party widget loader. It does not show overt malicious logic in the snippet itself, but it dynamically executes external JavaScript from a third-party domain without integrity/SRI verification and passes a hardcoded tenant/identifier via data attributes. The main risk is supply-chain/trust: if the hosted embed script is compromised or behaves maliciously, it could affect the hosting page.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 7, 2026, 05:28 PM
Package URL
pkg:socket/skills-sh/gitroomhq%2Fpostiz-docs%2Fpostiz%2F@204bae300f3389498834d932aaa51af46e37837b
Security Audit — socket — postiz