Send real Document in the Mail via PostalForm

Verdict: Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent, but it should be reviewed because it can autonomously send real postal mail and spend from a wallet without an explicit final human approval requirement.

Install only if you are comfortable with an agent preparing real PostalForm orders and wallet-backed payments. Before any send, manually confirm the exact PDF, sender and recipient addresses, quote, payment network, and spending cap, and use a dedicated limited wallet rather than a primary wallet.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or overly autonomous invocation could spend funds and send a physical letter to the wrong recipient or with the wrong contents, which may be difficult to undo after submission.

Why it was flagged

The skill directs the agent to perform a real-world action and make a payment. The artifacts include quote checks and a max-amount recommendation, but they do not require an explicit final human approval before submitting the paid physical-mail order.

Skill content

Use when an agent must autonomously mail a real physical letter/document ... Create order and settle x402 payment ... Create payment using your wallet stack ... Retry the exact same request body with `PAYMENT-SIGNATURE`.

Recommendation

Require a final user approval gate before payment/order creation, showing the PDF or hash/preview, sender and recipient addresses, page count, quoted price, payment network, and max amount. Consider disabling autonomous invocation for the final send step.

What this means

If the agent or wallet configuration is misused, funds could be spent from the selected wallet up to the configured cap.

Why it was flagged

The example uses a local wallet keystore and password to authorize payment. This is expected for x402 payment, and the skill recommends a max amount and secure handling, but it is still sensitive financial authority and is not declared as a registry credential.

Skill content

purl \
  --wallet ~/.purl/keystores/my-wallet.json \
  --password "$PURL_PASSWORD" \
  --network eip155:8453 \
  --max-amount 5000000

Recommendation

Use a dedicated low-balance wallet or limited spending profile, verify the units and value of `--max-amount`, provide passwords only through a secure prompt or secret store, and avoid exposing private keys or wallet passwords in logs.