Send real Document in the Mail via PostalForm

This skill appears to be doing what it says (create PostalForm orders and pay them), but pay attention to these points before installing or granting runtime access: - Expect to provide wallet signing capabilities: the instructions assume you have a signing client (purl or another x402 client), access to keystore files (or raw private keys), and a password or interactive signing approval. The skill metadata does not declare these requirements — confirm how your agent runtime will supply them. - Never hand over raw private keys to an agent or put them in plaintext env vars. Prefer encrypted keystores, ephemeral wallets, or wallets that require a hardware or interactive approval if possible. - Limit blast radius: use a wallet with a small balance and set a conservative --max-amount cap as recommended in the examples. Test with small, low-cost orders first (validate endpoint and small payments). - Verify the endpoint: the skill directs traffic to https://postalform.com — confirm this is the legitimate service you expect and that you trust it to handle payments and address data. - Ensure explicit human approval for any on-chain/payment signing actions. The skill can be invoked autonomously by agents; require an explicit consent/approval step for payments. - Logging: follow the skill's own security rules (do not log passwords or private keys). Make sure your runtime enforces these logging rules. If you want to accept this skill, ask the publisher to update the manifest to declare required binaries (e.g., purl), required env vars or config paths (keystore locations or a primary wallet credential), and to document expected interactive approval patterns. If you cannot provide a dedicated, limited wallet for testing, treat this skill as risky.