Raindrop.io Bookmarks

v1.0.4

Search, list, and manage Raindrop.io bookmarks via CLI. Use when the user wants to find saved links, browse collections, add new bookmarks, organize with tag...

⭐ 7· 2.2k·4 current·4 all-time

byRadek Sienkiewicz@velvet-shark

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the actual behavior. Required binaries (bash, curl, jq, bc), required env var (RAINDROP_TOKEN), and the referenced config path (~/.config/raindrop.env) are all appropriate and expected for a CLI client for the Raindrop API.

✓

Instruction Scope

SKILL.md and the included script confine themselves to calling the Raindrop API and local config for token sourcing. There are no instructions to read unrelated files or exfiltrate data to other endpoints; the only external network calls go to https://api.raindrop.io/ (as expected). The script does source ~/.config/raindrop.env for credentials, which is consistent with the documentation.

✓

Install Mechanism

No install spec is provided (instruction-only with an included script), so nothing is silently downloaded or installed. That lowers install-time risk; the script is expected to be run by the user directly.

✓

Credentials

Only one credential is required (RAINDROP_TOKEN) and it is the primary credential needed to call the Raindrop API. No unrelated secrets, system credentials, or other service tokens are requested.

✓

Persistence & Privilege

The skill does not request always:true or any elevated persistence. It does read a user-provided config file (~/.config/raindrop.env) for the token, which is normal behavior for a CLI wrapper.

Assessment

This appears to be a straightforward Raindrop.io CLI wrapper. Before using it: (1) Verify the script content locally (it sources ~/.config/raindrop.env — that file will contain your RAINDROP_TOKEN in plaintext unless you handle it differently). (2) Prefer passing the token with --token for ephemeral runs if you don't want persistent credentials on disk. (3) Confirm network calls go to api.raindrop.io (the script does so). (4) Run the script in a safe environment if you are uncertain, and avoid sharing your RAINDROP_TOKEN. Note: _meta.json has an odd publishedAt timestamp in the bundle metadata — this is not a functional problem but worth awareness.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fwxk3yy5xe5sxeav2dx1ess81a3wp

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌧️ Clawdis

Binsbash, curl, jq, bc

EnvRAINDROP_TOKEN

Config~/.config/raindrop.env

Primary envRAINDROP_TOKEN

Raindrop.io Bookmarks

License

Runtime requirements

Comments