diff --git a/daemon.py b/daemon.py
index 62b2560a0..67c761bd7 100644
--- a/daemon.py
+++ b/daemon.py
@@ -1283,6 +1283,49 @@ class PubServer(BaseHTTPRequestHandler):
             self.server.POSTbusy = False
             return 3
 
+        # check that some additional fields are strings
+        stringFields = ('id', 'type', 'published')
+        for checkField in stringFields:
+            if not messageJson.get(checkField):
+                continue
+            if not isinstance(messageJson[checkField], str):
+                self._400()
+                self.server.POSTbusy = False
+                return 3
+
+        # check that to/cc fields are lists
+        listFields = ('to', 'cc')
+        for checkField in listFields:
+            if not messageJson.get(checkField):
+                continue
+            if not isinstance(messageJson[checkField], list):
+                self._400()
+                self.server.POSTbusy = False
+                return 3
+
+        if messageJson.get('object'):
+            if isinstance(messageJson['object'], dict):
+                stringFields = (
+                    'id', 'actor', 'type', 'content', 'published',
+                    'summary', 'url', 'attributedTo'
+                )
+                for checkField in stringFields:
+                    if not messageJson['object'].get(checkField):
+                        continue
+                    if not isinstance(messageJson['object'][checkField], str):
+                        self._400()
+                        self.server.POSTbusy = False
+                        return 3
+                # check that some fields are lists
+                listFields = ('to', 'cc', 'attachment')
+                for checkField in listFields:
+                    if not messageJson['object'].get(checkField):
+                        continue
+                    if not isinstance(messageJson['object'][checkField], list):
+                        self._400()
+                        self.server.POSTbusy = False
+                        return 3
+
         # actor should look like a url
         if '://' not in messageJson['actor'] or \
            '.' not in messageJson['actor']:
@@ -1345,6 +1388,7 @@ class PubServer(BaseHTTPRequestHandler):
 
         originalMessageJson = messageJson.copy()
 
+        # whether to add a 'to' field to the message
         addToFieldTypes = ('Follow', 'Like', 'Add', 'Remove', 'Ignore')
         for addToType in addToFieldTypes:
             messageJson, toFieldExists = \
diff --git a/skills.py b/skills.py
index db8b1b6f7..d2e8a8306 100644
--- a/skills.py
+++ b/skills.py
@@ -95,7 +95,7 @@ def setActorSkillLevel(actorJson: {},
         ]
     ocSkillsList = getOccupationSkills(actorJson)
     skillsDict = getSkillsFromList(ocSkillsList)
-    if not skillsDict.get(skill):        
+    if not skillsDict.get(skill):
         if len(skillsDict.items()) >= 32:
             print('WARN: Maximum number of skills reached for ' +
                   actorJson['id'])