Agentic Letters
v1.1.2Send physical letters anywhere in Germany with a single command. Use when: user wants to send a physical letter. Requires an API key from agentic-letters.com.
⭐ 0· 353·0 current·0 all-time
byMoritz Eigenauer@eisimo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (send physical letters in Germany) aligns with what the files do: a Python CLI that base64-encodes a PDF and POSTs it to https://agentic-letters.com/api. Required binary (python3) and primaryEnv (AGENTIC_LETTERS_API_KEY) match the stated purpose.
Instruction Scope
SKILL.md and the CLI instruct the agent to read a local PDF, encode it, and send it to the external API; they also instruct where to store the API key (~/.openclaw/secrets/agentic_letters.env) and that local records are written to ~/.openclaw/workspace/skills/agentic-letters/records. This is coherent with the advertised functionality but means the entire PDF (potentially sensitive content) is transmitted to the third-party API.
Install Mechanism
No install spec is present and the skill is instruction + a small Python CLI using only the standard library. Nothing is downloaded from untrusted URLs and no installers or archive extraction are used.
Credentials
The only required credential is AGENTIC_LETTERS_API_KEY (the documented bearer token). No unrelated secrets, config paths, or additional environment variables are requested. The CLI also accepts the key from the declared secrets file path, which matches the documentation.
Persistence & Privilege
always is false and the skill does not request elevated or global agent privileges. It writes local record files under ~/.openclaw/workspace/skills/agentic-letters/records and uses a user-owned secrets file under ~/.openclaw/secrets; this is expected for maintaining send history but does create persistent local data.
Assessment
This skill appears to do what it claims: it reads a PDF and uploads the entire file to agentic-letters.com using your AGENTIC_LETTERS_API_KEY, then writes JSON records locally. Before installing, consider: (1) privacy — any sensitive data in the PDF (bank details, personal ID, medical data) will be sent to a third party; (2) trust & legal — verify agentic-letters.com (privacy policy, data retention, location) before giving it an API key; (3) local records are stored unencrypted under your home directory — if that matters, store them elsewhere or clean them regularly; (4) the skill suggests using third-party tools (pandoc, wkhtmltopdf, reportlab) to generate PDFs — those tools are not installed by the skill and may have their own security considerations. If you need higher assurance, review the full agentic_letters.py file locally, run the CLI in a sandboxed environment, and rotate or limit the API key if you suspect misuse.Like a lobster shell, security has layers — review code before you run it.
briefvk97435zym3190sk6bvhpaqp9j181thnkdhlvk97435zym3190sk6bvhpaqp9j181thnklatestvk97c0r3e8xya0w2g0tr00c0mwd81vry7lettersvk97435zym3190sk6bvhpaqp9j181thnkpostvk97435zym3190sk6bvhpaqp9j181thnk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
✉️ Clawdis
Binspython3
Primary envAGENTIC_LETTERS_API_KEY