ClawHub

Pinata API

v1.0.9

Pinata IPFS API for file storage, groups, gateways, signatures, x402 payments, and file vectorization.

0· 820·2 current·2 all-time
byMatthias | Pinata@iammatthias
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description vs. requirements match: the skill documents Pinata API endpoints and only requests a Pinata JWT and gateway URL which are reasonable for this API.
Instruction Scope
SKILL.md lists HTTP endpoints and example request bodies; it does not instruct the agent to read unrelated files, access unrelated credentials, or send data to unexpected external endpoints.
Install Mechanism
No install spec and no code files — instruction-only skills minimize on-disk risk. Nothing is downloaded or written to disk by the skill itself.
Credentials
Requires two env vars (PINATA_JWT and PINATA_GATEWAY_URL). Both are justified for authenticating to Pinata and constructing gateway URLs; an optional PINATA_GATEWAY_KEY is only mentioned as optional.
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed by default but not combined with elevated persistence or unrelated credential access.
Assessment
This skill is an instruction-only adapter for the Pinata API and appears internally consistent. Before installing: only provide a scoped PINATA_JWT (least-privilege API key) and ensure you trust the skill author or the linked repository; treat the JWT like any secret (rotate it if compromised). Because the skill can make API calls using your JWT, any actions allowed by that token (uploads, deletes, group changes, payment setup) can be performed — consider creating a key with limited permissions. Verify the gateway URL is your own Pinata gateway domain. There is no install step or code bundled, which reduces local risk, but be aware that the skill will perform network requests to pinata.cloud using your provided credentials, so do not supply it with credentials that grant broader cloud or wallet permissions. If you need higher assurance, check the upstream repo (https://github.com/PinataCloud/pinata-api-skill) and confirm the SKILL.md matches its documentation and author.

Like a lobster shell, security has layers — review code before you run it.

latestvk973f4m0rre4835ftpq4fgj2bn81h9cy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📌 Clawdis
EnvPINATA_JWT, PINATA_GATEWAY_URL
Primary envPINATA_JWT

Comments