ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Easypost

v1.0.0

EasyPost — shipping labels, rate comparison, package tracking, address verification, and insurance.

0· 346·0 current·0 all-time
by@aiwithabidi
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the implemented functionality. The only required credential is EASYPOST_API_KEY and the script performs shipping, tracking, address verification, insurance, and refunds against https://api.easypost.com/v2 which aligns with the stated purpose.
!
Instruction Scope
SKILL.md instructs running the included CLI and only documents EASYPOST_API_KEY, but the script will also attempt to read a .env file from a WORKSPACE path (or ~/.openclaw/workspace/.env) if the env var is not set. That fallback behavior is not documented and means the tool will read files from the user's workspace without explicit mention.
Install Mechanism
Instruction-only skill with a bundled Python script; there is no install step or external download. No packages or arbitrary URLs are fetched or executed at install time.
!
Credentials
Declared required credential is a single EASYPOST_API_KEY (expected). However the script also reads the WORKSPACE environment variable (not declared) and will parse a .env file there to find the API key as a fallback. That implicit access to a workspace file could expose other local secrets if users rely on shared .env files; the skill does not declare or document this behavior.
Persistence & Privilege
Skill does not request persistent/always-on privileges, does not modify other skills or system-wide settings, and defaults for autonomous invocation are normal.
What to consider before installing
This skill is largely consistent with an EasyPost CLI, but inspect and test before trusting it with real credentials. Specific things to consider: (1) The script will try to read EASYPOST_API_KEY from a .env file in WORKSPACE or ~/.openclaw/workspace if the env var is absent — check whether you have a .env there and what it contains, or explicitly set EASYPOST_API_KEY to avoid that fallback. (2) The CLI code contains argument name mismatches/bugs (e.g., functions expect args named 'from' but the parser sets dest='from_addr'), so some commands may not work as written — validate functionality in a safe environment. (3) The script only communicates with api.easypost.com, and does not contact other external endpoints, but you should still review the code locally and run it with a test API key or in a sandbox before using production credentials.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🚚 Clawdis
EnvEASYPOST_API_KEY
Primary envEASYPOST_API_KEY
latestvk979fyvwvx3wp6sd1rr45cpqan8280eq
346downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
@aiwithabidi
latest
Download

🚚 EasyPost

EasyPost — shipping labels, rate comparison, package tracking, address verification, and insurance.

Requirements

VariableRequiredDescription
EASYPOST_API_KEYEasyPost API key

Quick Start

# Create shipment & get rates
python3 {{baseDir}}/scripts/easypost.py create-shipment --from "JSON address" --to "JSON address" --parcel "JSON"

# Get shipment details
python3 {{baseDir}}/scripts/easypost.py get-shipment <id>

# List shipments
python3 {{baseDir}}/scripts/easypost.py list-shipments --page-size "20"

# Buy label for shipment
python3 {{baseDir}}/scripts/easypost.py buy-shipment <id> --rate-id <value>

# Create a tracker
python3 {{baseDir}}/scripts/easypost.py create-tracker --tracking-code <value> --carrier <value>

# Get tracker details
python3 {{baseDir}}/scripts/easypost.py get-tracker <id>

# List trackers
python3 {{baseDir}}/scripts/easypost.py list-trackers --page-size "20"

# Verify/create address
python3 {{baseDir}}/scripts/easypost.py verify-address --street1 <value> --city <value> --state <value> --zip <value> --country "US"

# Insure a shipment
python3 {{baseDir}}/scripts/easypost.py create-insurance --shipment-id <value> --amount <value>

# Refund a label
python3 {{baseDir}}/scripts/easypost.py create-refund --carrier <value> --tracking-codes "comma-separated"

# List rates for shipment
python3 {{baseDir}}/scripts/easypost.py list-rates <id>

# Create return shipment
python3 {{baseDir}}/scripts/easypost.py create-return --from "JSON" --to "JSON" --parcel "JSON" --is-return "true"

Output Format

All commands output JSON by default.

Script Reference

ScriptDescription
{baseDir}/scripts/easypost.pyMain CLI — all commands in one tool

Credits

Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.

📅 Need help setting up OpenClaw for your business? Book a free consultation

Comments

Loading comments...