Postproxy

OpenClaw Agent Skill The skill is classified as suspicious due to the combination of broad permissions and risky capabilities. It explicitly allows the AI agent to execute arbitrary Bash commands (`allowed-tools: Bash` in SKILL.md) and demonstrates the ability to upload any local file (`-F "media[]=@/path/to/image.jpg"` in SKILL.md) to the external API at `https://api.postproxy.dev`. While these capabilities are presented as part of the skill's stated purpose (managing social media posts), they represent significant attack surface for potential abuse, such as unauthorized file exfiltration or arbitrary command execution, if the agent were to be prompted maliciously.