I think the general answer is "It should be ok, but TOTP wasn't designed for this so you won't get any guarantees".
If we dive into how TOTP works (general description at wikipedia, full spec in RFC 6238), the TOTP value is computed as (example, simplified)
SHA2_HMAC( secret_seed, system_time_rounded_to_30s )
Generally login servers will check all time values within a +/- 5 minute window in case the device's system clock is off (which is needed for hardware TOTP tokens like those pictured below that have no way to sync).
So your TOTP values may actually still be valid for ~ 5 minutes. Also, as @AndrolGenhald points out, they may become valid again if the server's system clock gets set back.
This question does a good job of addressing the "can the original seed be derived" part of your question, the general answer is "it shouldn't be possible as long as the shared secret_seed
is 32 bytes or more".
It's also possible that the website's implementation has some edge-cases that break this general advice. For example, some websites issue account recovery codes that look like TOTP codes, but I don't know if they're actually related to your TOTP seed or not.
Bottom line: I can't think of any attack from posting a list of expired OTP codes, but I also can't guarantee that it's safe.
If you're at a coffee shop, probably best to be careful about who can shoulder-surf your TOTP codes. If you want to post old codes online, probably best to register a new code generator and unlink the other one from your account before posting.