Postsyncer
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: openclaw-postsyncer Version: 0.1.0 The skill bundle defines a simple OpenClaw skill for managing social media workflows with PostSyncer. It requires an API key (`POSTSYNCER_API_KEY`) as an environment variable, which is a standard practice for interacting with external services. The `SKILL.md` provides clear setup instructions and basic CLI commands (`postsyncer workspaces`, `postsyncer posts`, `postsyncer create-post`) that align with the stated purpose. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation in the provided files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with the wrong workspace or text, the agent could create an unwanted social media post.
The skill documents a command that can create a social media post. This is aligned with the stated PostSyncer purpose, but posting content can affect public or business-facing accounts.
postsyncer create-post -w <workspace_id> -t "Hello world"
Review the target workspace and post text before allowing the command to run, and prefer draft/approval workflows where available.
Anyone or any agent process with access to this key may be able to act on the linked PostSyncer account according to the key's permissions.
The skill requires a PostSyncer API key, which is expected for managing a PostSyncer account but grants delegated account authority.
requires:\n env: ["POSTSYNCER_API_KEY"]
Use a revocable, least-privileged API key if PostSyncer supports scopes, and rotate it if it is exposed.
A user could accidentally run an untrusted or unrelated local postsyncer executable if they have not verified where it came from.
The skill itself does not install code, but its documentation assumes a postsyncer command exists while the registry provides no source or install provenance.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install or use the PostSyncer CLI only from an official, verified source before following the command examples.