Raindrop.io API
v0.1.0Build, debug, and explain integrations with Raindrop.io, including OAuth 2 authorization, bearer-token REST API calls, collections and raindrops CRUD flows,...
⭐ 0· 117·0 current·0 all-time
byCheng@huangcheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description (Raindrop.io API, OAuth, REST/MCP flows) match the SKILL.md and reference file. All described actions (collections, raindrops, tags, import/export, MCP) are documented and expected for this skill.
Instruction Scope
SKILL.md provides detailed, scoped runtime instructions for choosing endpoints, auth flows, rate-limit handling, and when to ask the user for credentials. It does instruct the agent to request client credentials or bearer tokens from the user for live calls — expected for an API helper, but users should be aware they'll be asked to provide secrets if they want live requests.
Install Mechanism
No install spec and no code files that execute on disk; the skill is instruction-only, which is the lowest install risk.
Credentials
The skill declares no required environment variables or primary credential. The instructions say to use existing environment tokens if present or ask the user for credentials. That is proportionate to an API helper, but the skill may read/use tokens found in the environment even though none are declared — users should be aware of that behavior.
Persistence & Privilege
always is false and there are no install hooks or persistent privileges requested. The skill can be invoked by the agent normally; no elevated or persistent system privileges are requested.
Assessment
This skill is an instruction-only Raindrop.io API helper and appears coherent with its description. It will not install software, but to perform live API calls it will ask for OAuth client credentials or a bearer token (or use one already present in the environment). Before proceeding: only provide tokens/credentials you control and are comfortable sharing, prefer test tokens or least-privilege scopes, and be ready to revoke tokens after use. If you do not want to share secrets, ask the agent to produce example requests or mock responses instead of making live calls. Because the skill can use any token it finds in the environment, consider running it in a session that does not contain other sensitive credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk977anr4m2yag79x2n1gavpy1h836kj2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.