Crinkl Claws
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: crinkl-claws
Version: 1.3.2
The skill's purpose is clearly defined as receipt verification and Bitcoin rewards, requiring interaction with an external MCP server (crinkl.xyz) and email content. While it handles full email data and communicates externally, these actions are necessary for its stated function. Crucially, the `HEARTBEAT.md` file includes explicit instructions for the agent to strictly validate vendor domains, discarding any containing 'spaces, quotes, parentheses, or shell metacharacters', which is a strong indicator of security awareness and proactive mitigation against potential shell injection vulnerabilities. There is no evidence of malicious prompt injection, data exfiltration beyond the stated purpose, or other harmful behaviors.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Once configured, the agent may periodically scan for recent billing emails and submit matching receipts without asking about each individual email.
The skill is designed for recurring automated tool use across email search, raw message retrieval, and receipt submission. This is disclosed and purpose-aligned, but users should understand the automation scope.
*Run each cycle. Find billing emails, verify DKIM signatures, submit to earn sats.*
Use the dedicated AgentMail path if possible, or confirm that recurring Gmail scanning is acceptable before pairing the wallet and granting email access.
The agent can read matching email content through the configured provider and use the Crinkl API key to submit receipts and check earnings.
The skill uses delegated email access and a Crinkl API key tied to a wallet. These privileges are expected for the integration and are disclosed, but they are still sensitive.
`CRINKL_API_KEY` ... `Stored in agent memory. Revocable anytime.` ... `Your human authorizes read-only Gmail access through gog's OAuth setup.`
Verify that Gmail access is read-only, revoke the Crinkl key if you stop using the skill, and prefer a dedicated inbox if you do not want the agent accessing your main mailbox.
Receipt email contents leave the email provider and are processed by Crinkl, even though the skill says the original email is discarded after verification.
Raw RFC 2822 billing emails are sent to Crinkl's remote MCP/tooling so DKIM can be verified. This data flow is central to the purpose and disclosed, but raw receipts may contain personal or purchase details.
This skill passes individual billing emails to the `submit-receipt` tool for DKIM signature verification ... the server must receive the same bytes the mail server signed.
Install only if you trust Crinkl's handling of raw receipt emails; consider using AgentMail with a dedicated receipt inbox to limit exposure.
A retained API key or message history could remain available to future agent sessions until removed or revoked.
The skill creates persistent memory entries for a credential and submitted email identifiers. This is operationally useful, but it is persistent state that should be protected and cleared when no longer needed.
Store this as your `CRINKL_API_KEY` ... Track message IDs you've already submitted in your memory.
Clear the stored key and message IDs when uninstalling or disabling the workflow, and revoke the Crinkl API key from the Crinkl app if needed.
Your security depends partly on the Crinkl MCP service and any email-access skill you install alongside it.
The skill is instruction-only locally and depends on a remote MCP server plus optional external skills for email access. This is disclosed, but the local artifact review cannot inspect the remote service behavior.
`crinkl`: { `url`: `https://mcp.crinkl.xyz/mcp` } ... Install the **gog** skill ... Install the **agentmail** skill
Review and trust the Crinkl service and the chosen email skill before granting access; keep the dependency set minimal.
