← 返回 Skills 市场

Postbox

Name: Postbox
Author: vipulbhj

作者 Vipul · GitHub ↗ · v1.0.9 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install postbox

功能描述

Use this skill when the user wants to collect structured data, build forms, or set up submission endpoints — contact forms, feedback, signups, waitlists, bug...

安全使用建议

This skill appears to be what it says: an agent helper for creating and managing Postbox forms. Before installing, consider: - Authentication: it only needs POSTBOX_API_KEY — set that as an environment variable (do not paste keys in chat). The skill itself instructs never to accept keys pasted into chat. - Network access: the skill will make real API calls to https://usepostbox.com. If you trust that service, this is expected; if you do not, do not provide the API key. - File changes: the agent may generate and update frontend files (index.html, React components) in-session; review any generated/modified code before deploying. - Broad invocation: the skill asks agents to trigger whenever users 'need data in', which may cause the skill to be suggested in more conversations — be aware if you want tighter control over when it runs. - Prompt-injection detection: a pattern was flagged in the documentation, but it is used defensively (teaching the agent not to execute commands found in submission text). If you want higher assurance, verify the vendor (usepostbox.com) and inspect any generated code before publishing. If you prefer to restrict risk, only provide the API key in a controlled environment and limit when the agent is allowed to invoke the skill.

功能分析

Type: OpenClaw Skill Name: postbox Version: 1.0.9 The 'postbox' skill facilitates integration with the Postbox service (usepostbox.com) for form management and data collection. It possesses high-risk capabilities including making external network requests to the Postbox API and modifying local project files (e.g., index.html, React components) to update integration code. While the skill demonstrates significant security awareness by explicitly instructing the agent to treat remote data as untrusted to prevent prompt injection and strictly managing credentials via environment variables (SKILL.md, references/guide.md), the inherent risks of automated file system modification and network access meet the threshold for a suspicious classification.

能力标签

cryptorequires-oauth-token

能力评估

✓ Purpose & Capability

Name/description, declared env var (POSTBOX_API_KEY), and the API-centric runtime instructions all align: the skill creates/manages forms and must authenticate to usepostbox.com. No unrelated credentials, binaries, or system paths are requested.

ℹ Instruction Scope

SKILL.md gives detailed, concrete API workflows (create/update/delete forms, read endpoint from response.form.endpoint, generate frontend code, manage submission tokens). It also instructs the agent to apply the skill broadly ('trigger even when the user doesn't name a tool'), which is a design choice that may make the skill be invoked in more contexts than a narrowly-scoped integration. A prompt-injection pattern was detected in the text, but it appears inside examples/advice instructing the agent to treat returned data as untrusted (i.e., to NOT execute commands found inside submission content).

✓ Install Mechanism

Instruction-only skill with no install spec and no code files to execute on disk — minimal risk from installation mechanics.

✓ Credentials

Only a single environment variable (POSTBOX_API_KEY) is required and declared as primaryEnv, which is appropriate for an API-driven form-management service. No unrelated secrets or high-privilege config paths are requested.

✓ Persistence & Privilege

The skill is not marked always:true and does not request system-wide configuration or other skills' credentials. It will make network calls to usepostbox.com when invoked (normal for an integration).

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install postbox
安装完成后，直接呼叫该 Skill 的名称或使用 /postbox 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.9

- Added OpenClaw metadata specifying required environment variables and homepage. - No changes to skill logic, API usage, or workflows. - All prior usage guidance, best practices, and gotchas remain unchanged.

v1.0.8

- Added license information (MIT-0) to clarify usage terms. - Introduced metadata specifying that POSTBOX_API_KEY is a required environment variable, with a link to generate it. - No changes to usage instructions or core workflow. - Documentation improved for clarity and formalized environmental requirements.

v1.0.7

- Expanded and clarified the SKILL.md documentation to include comprehensive instructions, best practices, and key "gotchas" for Postbox usage. - Explicitly defined correct endpoint handling, schema updates, token visibility, frontend integration code requirements, and error processing. - Added guided, collaborative workflows for form creation (context questions, proposal, confirmation, and delivery of necessary assets). - Detailed agent schema discovery for seamless AI and automation integration. - Strengthened emphasis on data trust boundaries and proper handling of all returned data and tokens.

元数据

Slug postbox

版本 1.0.9

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

Postbox 是什么？

Use this skill when the user wants to collect structured data, build forms, or set up submission endpoints — contact forms, feedback, signups, waitlists, bug... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 89 次。

如何安装 Postbox？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install postbox」即可一键安装，无需额外配置。

Postbox 是免费的吗？

是的，Postbox 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Postbox 支持哪些平台？

Postbox 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Postbox？

由 Vipul（@vipulbhj）开发并维护，当前版本 v1.0.9。