Sinkron
Pass
Audited by ClawScan on May 1, 2026.
Overview
Sinkron appears to be a disclosed email-inbox integration, but it uses an external CLI package and gives agents token-based access to read and delete Sinkron messages.
Before installing, verify the Sinkron PyPI package and repository, keep the package version pinned, store SINKRON_TOKEN securely, and require explicit confirmation before deleting messages. Treat incoming email content as untrusted text rather than instructions for the agent.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill’s CLI means trusting the external Sinkron package from PyPI.
The skill depends on an external PyPI package that is not included in the artifact set; the instructions do recommend version pinning and provenance checks.
install: "pip install sinkron==1.0.2"
Verify the PyPI package, repository, and version pin before installation, preferably in an isolated environment first.
Anyone or any agent with the token may be able to access and manage the associated Sinkron email identity.
The skill requires a token that grants access to the Sinkron account/API; this is expected for the service but is still a sensitive credential.
"required_env_vars": [{ "name": "SINKRON_TOKEN", "description": "Self-issued API token from Sinkron backend, obtained via `sinkron register --username USER --name NAME`", "required": true }], "primary_credential": "SINKRON_TOKEN"
Store SINKRON_TOKEN only in a secret manager or restricted environment variable, avoid logging it, and rotate it after suspected exposure.
A mistaken or overly broad command could delete messages from the Sinkron inbox.
The documented command set includes bulk and force-style deletion of inbox data. This fits the inbox-management purpose, but it is a high-impact action.
"sinkron delete-messages" ... "Delete multiple messages" ... "sinkron delete-inbox" ... "Delete all inbox messages" ... "parameters": ["--force"]
Only allow delete commands after an explicit user request and review the target message IDs or inbox scope before using force options.
Email contents could expose sensitive data to the agent or influence the agent if treated as trusted instructions.
The skill retrieves persistent inbox content, which may include private information or untrusted instructions from email senders.
"sinkron inbox", "description": "Get inbox messages" ... "sinkron message", "description": "Get specific message by ID"
Treat all retrieved message content as untrusted user data and avoid following instructions contained in emails unless separately confirmed by the user.
