PostMe Deploy
v1.0.3Deploy local HTML/frontend files to PostMe (dele.fun) and get a live URL
⭐ 0· 58·0 current·0 all-time
MIT-0
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill declares and implements a deploy-to-PostMe workflow: it reads local files, bundles them, and POSTs them to a PostMe upload endpoint. Requiring a POSTME_API_KEY and optionally POSTME_API_URL is proportionate for that purpose. One inconsistency: the registry metadata above says "Required env vars: none" while SKILL.md explicitly requires POSTME_API_KEY — this appears to be a metadata oversight.
Instruction Scope
The SKILL.md instructs the agent to determine an absolute target_path and upload every file found under it. That scope is appropriate for deploying a project folder, but the allowed-tools (read(*), glob(*)) and the implementation mean the agent could read and upload any path the caller supplies. The instructions do not attempt to read unrelated system configuration or credentials.
Install Mechanism
This is an instruction-only skill with no install spec and no remote downloads. It mentions a normal Python dependency (requests) which the README asks the operator to pip install; there is no embedded/install-time network fetch of arbitrary code.
Credentials
The skill requires a single service credential (POSTME_API_KEY) and optionally a custom API URL — both are expected for an API-based deployer. The required secret is proportional, but because it is sensitive, you should only set it for a trusted agent and consider scoping or rotating the key. Also note the registry metadata does not reflect this required env var, which could confuse users.
Persistence & Privilege
The skill does not request permanent/always-on presence (always: false) and does not modify other skills or system-wide config. Autonomous invocation is permitted by default (disable-model-invocation: false) which is normal for skills; combine this with the fact the skill can read local paths only when invoked.
Scan Findings in Context
[no-regex-findings] expected: The static regex scanner found no issues; the SKILL.md contains an embedded Python implementation (file I/O + HTTP upload) but there were no separate code files for the scanner to analyze. The presence of file I/O and network requests is expected for a deploy skill.
Assessment
This skill does what it says: it will read files under whatever path you pass it and upload them to the PostMe API using a POSTME_API_KEY. Before installing or enabling it: (1) confirm the skill's source/trustworthiness (homepage is missing), (2) only provide a target_path that contains non-sensitive files (do not point it at your home directory), (3) store the POSTME_API_KEY in a secure place and consider using a scoped/temporary key if PostMe supports it, (4) be aware the registry metadata incorrectly lists no required env vars — rely on the SKILL.md, and (5) if you want extra safety, test with a dummy key and non-sensitive sample content first and rotate the API key afterwards.Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
PostMe Deploy Skill
Overview
This skill allows AI Agents (OpenClaw, Cursor, Claude, etc.) to automatically deploy generated HTML files or frontend project folders to PostMe (https://www.dele.fun) — a static site hosting platform. It returns a live URL that can be shared with the user.
Required Environment Variables
| Variable | Description |
|---|---|
POSTME_API_KEY | Required. Your PostMe API key for authentication. Get one at https://www.dele.fun/api-keys |
POSTME_API_URL | Optional. Defaults to https://www.dele.fun/api/upload |
Prerequisites
-
PostMe API Key: Generate an API key at https://www.dele.fun/api-keys, then set it as an environment variable:
POSTME_API_KEY="your-secret-agent-key" -
Python Dependencies: The skill requires the
requestslibrary.pip install requests
Usage Instructions for the Agent
When a user asks you to deploy, publish, or share a web application (like an HTML file or a frontend project folder) that you have just created, you should use this skill.
- Determine the absolute path to the generated folder or file (
target_path). - Invent a suitable, URL-friendly name for the application (
app_name). It must contain only lowercase letters, numbers, and hyphens. - Call the
postme_deployskill with these parameters. - Present the resulting URL to the user.
Example
If you generated a project in /tmp/workspace/my-app, you would call the skill with:
target_path:/tmp/workspace/my-appapp_name:my-app-v1
The skill will return a success message containing the live URL, e.g., Deployment successful! URL: https://www.dele.fun/app/my-app-v1/.
Tool Definition
{
"name": "postme_deploy",
"description": "Deploy a local folder or HTML file to the PostMe system to get a live web URL.",
"parameters": {
"type": "object",
"properties": {
"target_path": {
"type": "string",
"description": "The local path to the folder or HTML file you want to deploy."
},
"app_name": {
"type": "string",
"description": "A unique, URL-friendly name for the application (lowercase letters, numbers, hyphens only)."
},
"api_url": {
"type": "string",
"description": "The full URL to the PostMe /api/upload endpoint. Defaults to https://www.dele.fun/api/upload"
},
"api_key": {
"type": "string",
"description": "The API key for authentication (POSTME_API_KEY)."
},
"app_desc": {
"type": "string",
"description": "A short description of what the application does."
}
},
"required": [
"target_path",
"app_name"
]
}
}
Python Implementation (postme_deploy.py)
import os
import requests
import re
from typing import Optional
def execute(
target_path: str,
app_name: str,
api_url: str = "https://www.dele.fun/api/upload",
api_key: Optional[str] = None,
app_desc: Optional[str] = None
) -> str:
"""
Deploy a local folder or HTML file to the PostMe system.
"""
if not os.path.exists(target_path):
return f"Error: Target path '{target_path}' does not exist."
if not re.match(r'^[a-z0-9-]+$', app_name):
return "Error: app_name must contain only lowercase letters, numbers, and hyphens."
files_to_upload = []
if os.path.isfile(target_path):
files_to_upload.append((target_path, os.path.basename(target_path)))
elif os.path.isdir(target_path):
for root, _, files in os.walk(target_path):
for file in files:
file_path = os.path.join(root, file)
rel_path = os.path.relpath(file_path, target_path).replace(os.sep, '/')
files_to_upload.append((file_path, rel_path))
else:
return f"Error: '{target_path}' is neither a file nor a directory."
if not files_to_upload:
return "Error: No files found to upload."
multipart_data = [('appName', (None, app_name))]
if app_desc:
multipart_data.append(('appDesc', (None, app_desc)))
file_handles = []
try:
for file_path, rel_path in files_to_upload:
f = open(file_path, 'rb')
file_handles.append(f)
multipart_data.append(('files', (os.path.basename(file_path), f)))
multipart_data.append(('paths', (None, rel_path)))
headers = {}
if api_key:
headers['Authorization'] = f"Bearer {api_key}"
headers['x-agent-user'] = "openclaw-agent"
response = requests.post(api_url, files=multipart_data, headers=headers)
if response.status_code in (200, 201):
data = response.json()
base_url = api_url.replace('/api/upload', '')
return f"Deployment successful! URL: {base_url}{data.get('url', f'/app/{app_name}/')}"
else:
try:
err_msg = response.json().get('error', response.text)
except:
err_msg = response.text
return f"Deployment failed (Status {response.status_code}): {err_msg}"
except Exception as e:
return f"Error during deployment: {str(e)}"
finally:
for f in file_handles:
f.close()
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…