Sinkron

Pass
Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: sinkron
Version: 1.0.7

The `SKILL.md` file contains extensive instructions for the AI agent (and user) to perform security verification steps, including visiting external URLs for provenance checks, downloading and inspecting the package contents via `pip download` and `ls`, and running `docker run` for isolated testing. While the explicit intent of these instructions is defensive, aiming to promote secure installation and usage, they instruct the agent to execute shell commands and make external network calls that lie outside the skill's direct functional purpose. This constitutes 'risky capabilities without clear malicious intent': the agent performs system-level actions on the basis of documentation, which could become a vector for unintended behavior if the agent's interpretation or environment is not perfectly aligned with the benign intent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill’s CLI means trusting the external Sinkron package from PyPI.

Why it was flagged

The skill depends on an external PyPI package that is not included in the artifact set; the instructions do recommend version pinning and provenance checks.

Skill content

install: "pip install sinkron==1.0.2"

Recommendation

Verify the PyPI package, repository, and version pin before installation, preferably in an isolated environment first.

What this means

Anyone or any agent with the token may be able to access and manage the associated Sinkron email identity.

Why it was flagged

The skill requires a token that grants access to the Sinkron account/API; this is expected for the service but is still a sensitive credential.

Skill content

"required_env_vars": [{ "name": "SINKRON_TOKEN", "description": "Self-issued API token from Sinkron backend, obtained via `sinkron register --username USER --name NAME`", "required": true }], "primary_credential": "SINKRON_TOKEN"

Recommendation

Store SINKRON_TOKEN only in a secret manager or restricted environment variable, avoid logging it, and rotate it after suspected exposure.

What this means

A mistaken or overly broad command could delete messages from the Sinkron inbox.

Why it was flagged

The documented command set includes bulk and force-style deletion of inbox data. This fits the inbox-management purpose, but it is a high-impact action.

Skill content

"sinkron delete-messages" ... "Delete multiple messages" ... "sinkron delete-inbox" ... "Delete all inbox messages" ... "parameters": ["--force"]

Recommendation

Only allow delete commands after an explicit user request and review the target message IDs or inbox scope before using force options.

What this means

Email contents could expose sensitive data to the agent or influence the agent if treated as trusted instructions.

Why it was flagged

The skill retrieves persistent inbox content, which may include private information or untrusted instructions from email senders.

Skill content

"sinkron inbox", "description": "Get inbox messages" ... "sinkron message", "description": "Get specific message by ID"

Recommendation

Treat all retrieved message content as untrusted user data and avoid following instructions contained in emails unless separately confirmed by the user.