ClawHub

Postsyncer

v0.1.0

Manage your PostSyncer social media workflows.

1· 1.8k·0 current·0 all-time
by@abakermi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md shows runtime commands like `postsyncer workspaces` and `postsyncer create-post`, which require a local 'postsyncer' CLI binary or an install step. The registry metadata lists no required binaries and provides no install spec. That mismatch (skill assumes a binary but doesn't declare or install it) is an incoherence — either the skill should declare the binary as required or provide an install mechanism or change to direct API usage.
Instruction Scope
The instructions are narrowly scoped to managing PostSyncer via an API key and running the 'postsyncer' CLI. They only reference the POSTSYNCER_API_KEY environment variable and the PostSyncer settings URL. They do not request unrelated files, other credentials, or system paths. The only scope issue is the implicit requirement for the CLI binary which is not declared.
Install Mechanism
No install spec is provided and no code is shipped; as an instruction-only skill this is low-risk. However, if the intended runtime relies on a third-party CLI, the absence of an install mechanism means the agent will fail unless the user already installed that tool.
Credentials
The skill claims a single required env var (POSTSYNCER_API_KEY), which matches the described purpose of interacting with PostSyncer. No unrelated credentials or broad access are requested.
Persistence & Privilege
The skill does not request always: true and makes no claims about modifying other skills or system-wide settings. Autonomous invocation is enabled by default but is not excessive here given the limited requested scope.
What to consider before installing
This skill appears to be a thin wrapper around the PostSyncer CLI but does not declare or install that CLI. Before installing or enabling it: 1) verify you have the official 'postsyncer' CLI installed on your system and that it's the expected tool (check origin and version); 2) confirm the POSTSYNCER_API_KEY is scoped appropriately and was obtained from the official PostSyncer site (https://app.postsyncer.com); 3) if you expect the skill to work without a preinstalled CLI, ask the publisher why there's no install spec or request a versioned install step from a trusted source (GitHub releases or official package registry); 4) treat the API key like a secret — do not reuse high-privilege keys and rotate/revoke if unsure. The main risk here is operational confusion or a broken integration rather than explicit malicious behavior, but the missing binary/install information should be resolved before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk977bdqvr5y8emz0h2v8mvd7rs80bz38

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
EnvPOSTSYNCER_API_KEY

Comments