Post a message to a channel. Returns isError=true with code PERSIST_FAILED when persistence fails (U2 maintainer directive: do not swallow saveImmediate errors on the post path), CHANNEL_ARCHIVED for read-only channels, and CHANNEL_MENTIONS_TOO_MANY when a single post lists too many @mentions. Us...
AI agents use channel_post to create or update resources in Wmux — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Wmux environment.
This tool creates new messages in a channel, which is a reversible data modification (messages can typically be edited or deleted separately). While posting to channels could enable spam or unwanted communications if misused by an AI agent, it lacks the irreversibility of destructive operations, financial impact, or code execution. The blast radius is contained to channel message history and notification scope.
From the tool's definition Tool description explicitly states 'Post a message to a channel' — a write operation that creates/modifies data. Handles error conditions like CHANNEL_ARCHIVED (read-only state) and mentions limits, indicating message persistence.
Attacks that exploit this kind of access
Post a message to a channel. Returns isError=true with code PERSIST_FAILED when persistence fails (U2 maintainer directive: do not swallow saveImmediate errors on the post path), CHANNEL_ARCHIVED for read-only channels, and CHANNEL_MENTIONS_TOO_MANY when a single post lists too many @mentions. Use client_msg_id for at-most-once delivery — a repeat post with the same key returns the original. It is categorised as a Write tool in the Wmux MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Wmux MCP server in PolicyLayer and add a rule for channel_post: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Wmux. Nothing to install.
channel_post is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the channel_post rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for channel_post. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
channel_post is provided by the Wmux MCP server (openwong2kim/wmux). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
channel_post is one line of Wmux's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →