Postsyncer
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with the wrong workspace or text, the agent could create an unwanted social media post.
The skill documents a command that can create a social media post. This is aligned with the stated PostSyncer purpose, but posting content can affect public or business-facing accounts.
postsyncer create-post -w <workspace_id> -t "Hello world"
Review the target workspace and post text before allowing the command to run, and prefer draft/approval workflows where available.
Anyone or any agent process with access to this key may be able to act on the linked PostSyncer account according to the key's permissions.
The skill requires a PostSyncer API key, which is expected for managing a PostSyncer account but grants delegated account authority.
requires:\n env: ["POSTSYNCER_API_KEY"]
Use a revocable, least-privileged API key if PostSyncer supports scopes, and rotate it if it is exposed.
A user could accidentally run an untrusted or unrelated local postsyncer executable if they have not verified where it came from.
The skill itself does not install code, but its documentation assumes a postsyncer command exists while the registry provides no source or install provenance.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install or use the PostSyncer CLI only from an official, verified source before following the command examples.