ClawHub

Jinko

v1.0.1

Guide for using the Jinko CLI (@gojinko/cli) — a terminal tool for searching flights, discovering destinations, managing trips, and booking travel. Use when:...

0· 107·0 current·0 all-time
by@kevinjinko
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (node + jinko), primaryEnv (JINKO_API_KEY), and the declared install (npm package @gojinko/cli) all match a CLI wrapper for a flight-booking service. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md contains only CLI usage and auth instructions (OAuth or API key), plus examples for search/booking commands. It does not instruct the agent to read unrelated system files or exfiltrate data. Note: using the CLI (especially booking commands) will involve network calls to the Jinko service and storing auth tokens locally per the tool's own behavior.
Install Mechanism
Install is a standard Node/npm package (@gojinko/cli) installed globally. This is a normal mechanism for a Node CLI; it will write files under system node_modules and create a symlink in /usr/local/bin when installed globally.
Credentials
Only a single, expected credential (JINKO_API_KEY) is declared as primary. The SKILL.md also describes an OAuth flow which stores tokens locally — expected for a CLI that performs authenticated actions. No unrelated secrets or environment variables are requested.
Persistence & Privilege
The skill is not always-enabled, and it doesn't request system-wide configuration changes or elevated persistent privileges. Autonomous invocation is allowed (platform default) but is not combined with other high-risk factors here.
Assessment
This skill appears internally consistent: it documents and installs a Node CLI and expects a Jinko API key or OAuth login, which matches its stated purpose. Before installing: (1) Verify the npm package @gojinko/cli (publisher, version, and download count) on the official npm registry and check its repository for source code and recent activity. (2) Be aware a global npm install will write to system paths and may require elevated rights—prefer installing in a container or controlled environment if you have concerns. (3) Prefer the OAuth flow for interactive use; if you must use an API key, create a scoped key and avoid embedding it in shared scripts. (4) Understand booking commands may handle payment or personal data—review the CLI’s privacy/security docs before providing sensitive data. If you want me to, I can check the package on the npm registry and summarize its repository and maintainers.

Like a lobster shell, security has layers — review code before you run it.

latestvk97754qs4cz6qw99cbz2y6d7fx83m8zx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

✈️ Clawdis
Binsjinko, node
Primary envJINKO_API_KEY

Install

Nodenpm i -g @gojinko/cli

Comments