Send real Document in the Mail via PostalForm

Advisory. Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or overly autonomous invocation could spend funds and send a physical letter to the wrong recipient or with the wrong contents, which may be difficult to undo after submission.

Why it was flagged

The skill directs the agent to perform a real-world action and make a payment. The artifacts include quote checks and a max-amount recommendation, but they do not require an explicit final human approval before submitting the paid physical-mail order.

Skill content
Use when an agent must autonomously mail a real physical letter/document ... Create order and settle x402 payment ... Create payment using your wallet stack ... Retry the exact same request body with `PAYMENT-SIGNATURE`.
Recommendation

Require a final user approval gate before payment/order creation, showing the PDF or hash/preview, sender and recipient addresses, page count, quoted price, payment network, and max amount. Consider disabling autonomous invocation for the final send step.

What this means

If the agent or wallet configuration is misused, funds could be spent from the selected wallet up to the configured cap.

Why it was flagged

The example uses a local wallet keystore and password to authorize payment. This is expected for x402 payment, and the skill recommends a max amount and secure handling, but it is still sensitive financial authority and is not declared as a registry credential.

Skill content
purl \
  --wallet ~/.purl/keystores/my-wallet.json \
  --password "$PURL_PASSWORD" \
  --network eip155:8453 \
  --max-amount 5000000
Recommendation

Use a dedicated low-balance wallet or limited spending profile, verify the units and value of `--max-amount`, provide passwords only through a secure prompt or secret store, and avoid exposing private keys or wallet passwords in logs.