Raindrop Sync
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: raindrop-sync Version: 1.0.0 The skill bundle is designed to fetch and process bookmarks from Raindrop.io for knowledge base integration. The `SKILL.md` provides clear instructions for setup and usage, including handling the API token via `.secrets/raindrop.env` and processing fetched data locally. The `scripts/fetch.py` script uses standard Python libraries to interact with the legitimate Raindrop.io API and output data to stdout or a specified local file. There is no evidence of data exfiltration to unauthorized endpoints, malicious command execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's core directives. All actions are consistent with the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the token through this skill may be able to read bookmark data from the linked Raindrop account.
The skill uses a Raindrop.io account token to authenticate API requests. This is expected for the stated integration, but the token should be scoped carefully.
Save to `.secrets/raindrop.env`: RAINDROP_TOKEN=your_token_here
Use a read-only Raindrop token if available, keep it in a private secrets file, and rotate it if exposed.
Saved bookmarks and fetched page summaries may remain available to future agent tasks through the knowledge base.
The workflow persists bookmark-derived content and URLs into memory files for later reuse. This is aligned with the knowledge-base purpose, but it may retain private browsing or research interests.
Store — Append to `memory/knowledge-base.md` Update index — Add URL to `memory/kb-index.json`
Review what bookmark content is written to memory, exclude private collections if needed, and define retention or deletion practices.
If scheduled, new bookmarks may be fetched and stored automatically on an ongoing basis.
The skill documents optional recurring execution. This is disclosed and user-directed, but it can cause the agent or environment to keep syncing bookmarks without a fresh manual request each time.
Add to heartbeat or cron for automatic sync
Only add scheduled sync if you want recurring processing, and make sure the schedule, output files, and knowledge-base updates are easy to disable.