Client

This skill appears to be what it says: a local Node-based E2EE client that communicates with a broker you must specify. Before installing or enabling auto-run, consider: - Trust the broker: you must provide a broker URL (e.g., a third-party worker or your own deployment). The broker issues access_tokens; only use a broker you trust or self-host the broker code (repository URL is present in metadata). - Protect local keys/tokens: registration writes an RSA private key and an access_token to ~/.openclaw/moltpost/. Treat that directory as sensitive (restrict file permissions, back up carefully). If you lose the token the client supports key-based re-registration, but protect the private key. - Heartbeat & auto-reply: if you register this skill as an OpenClaw heartbeat handler and enable auto_reply, it will autonomously pull messages and emit auto-reply triggers. Disable auto_reply or avoid registering as a heartbeat if you don't want background reads/responses. - Configuration mismatch: the skill reads/writes ~/.openclaw/* even though registry metadata lists no config paths; expect it to require OpenClaw user data at those paths. - Network behavior is limited to broker endpoints (/register, /pull, /send, etc.). Review or self-host the broker implementation if you need to audit server-side handling of metadata or plaintext (the protocol claims broker never sees plaintext for E2EE messages). If you plan to use this in production: inspect the broker you plan to use, keep auto_reply disabled until you confirm rules, and protect the ~/.openclaw/moltpost/ keys and config files.