← Back to Skills Marketplace
zororaka00

Sinkron

by Web3 Hungry · GitHub ↗ · v1.0.7
cross-platform ⚠ suspicious
452
Downloads
0
Stars
1
Active Installs
8
Versions
Install in OpenClaw
/install sinkron
Description
Provide AI agents with permanent email identities using Sinkron CLI and Python SDK. Requires SINKRON_TOKEN (self-issued by the Sinkron backend via `sinkron r...
Usage Guidance
This skill appears coherent with its description, but treat third-party packages cautiously: 1) Verify the homepage, GitHub repo, and PyPI owner match and review the package source for unexpected network callbacks before installing. 2) Follow the SKILL.md checklist: download the wheel (.whl) and inspect its .py files, install only a pinned version, and test inside a container/VM first. 3) Protect SINKRON_TOKEN in a secrets manager (do not check it into code or logs), clear shell history after registration, and rotate the token if exposure is suspected. 4) If you cannot verify the package provenance or do not want to install from PyPI, do not install the skill. If you want higher assurance, ask for the release commit hash and PyPI artifact hash (sha256) so you can verify the exact package contents before installing.
Capability Analysis
Type: OpenClaw Skill Name: sinkron Version: 1.0.7 The `SKILL.md` file contains extensive instructions for the AI agent (and user) to perform security verification steps, including visiting external URLs for provenance checks, downloading and inspecting the package contents via `pip download` and `ls`, and running `docker run` for isolated testing. While the explicit intent of these instructions is defensive and aims to promote secure installation and usage, they instruct the agent to execute shell commands and make external network calls that are outside the direct functional purpose of the skill. This constitutes 'risky capabilities without clear malicious intent' as it involves the agent performing system-level actions based on documentation, which could be a vector for unintended behavior if the agent's interpretation or environment is not perfectly aligned with the benign intent.
Capability Assessment
Purpose & Capability
Skill claims to provide permanent email identities and inbox management via a CLI/SDK and declares a single required credential (SINKRON_TOKEN). There are no unrelated env vars, binaries, or config paths requested — the declared credential is appropriate for the described functionality.
Instruction Scope
SKILL.md contains concrete instructions that stay on-topic: provenance checks, downloading and inspecting the PyPI package, installing a pinned version, running sinkron register for token issuance, and protecting the token. It does not instruct reading unrelated system files or collecting unrelated credentials. It explicitly warns to clear shell history and store tokens securely.
Install Mechanism
This is an instruction-only skill (no install spec in the registry), and it recommends installing the sinkron package from PyPI (pip install sinkron==X.Y.Z). Installing from PyPI is a reasonable mechanism for a Python SDK but carries the usual moderate risk of third‑party packages — the SKILL.md sensibly recommends downloading and inspecting the wheel before installing and using an isolated environment. The alternate suggestion to use `uv tool install` is noted but optional; verify any lesser-known tooling before use.
Credentials
Only SINKRON_TOKEN is required and it is justified by the service's authentication model (self-issued token from sinkron register). The SKILL.md also prescribes secure storage and rotation practices for the token. No other secrets or unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide config, and has no install-time persistence declared. The default ability for the agent to invoke the skill autonomously is unchanged (normal).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sinkron
  3. After installation, invoke the skill by name or use /sinkron
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.7
- Added explicit pypi_package_version ("1.0.2") and updated the long description to mention this package version. - Clarified in the description that SINKRON_TOKEN must be set as an environment variable before use. - Improved clarity on token management and environment variable requirements. - No changes to core logic or feature set; documentation and metadata updates only.
v1.0.6
Version 1.0.6 - Clarified that SINKRON_TOKEN is the required primary credential, self-issued by the Sinkron backend and must be present before use. - Made language around token issuance, required environment variable, and credential handling more explicit and concise. - Emphasized no third-party OAuth or external credential providers are involved. - No user-facing feature or interface changes; documentation and description improvements only.
v1.0.5
No changes detected in source files; version bump from 1.0.4 to 1.0.5 only. - Updated skill version metadata to 1.0.5. - No changes to functionality, configuration, or documentation content. - Safe to upgrade; existing workflows are unaffected.
v1.0.4
- Updated skill version to 1.0.4. - Updated the recommended PyPI install version in metadata from 1.0.1 to 1.0.2. - Added guidance to use sinkron health for platform status in best practices. - Minor edits to best-practice and security guidance for clarity and completeness.
v1.0.3
Version 1.0.3 of the Sinkron skill features a major documentation overhaul for clarity and security: - Refactored SKILL.md: streamlined, reorganized, and rewritten for better usability and conciseness. - Stronger emphasis on security best practices and explicit token provenance. - Clear, stepwise install, verification, and automation guidelines. - Added explicit guidance for Python SDK usage and safe inbox management. - Clarified no third-party OAuth—token is self-issued by Sinkron backend only. - All functional/usage aspects remain unchanged; this is a documentation update.
v1.0.2
- Clarified origin and handling of `SINKRON_TOKEN`: Token is always self-issued by the Sinkron platform via the CLI, never via third-party OAuth or dashboard. - Updated skill metadata to reflect token issuance process and origin. - Enhanced security checklist to detail legitimate ways to obtain and store the API token. - Revised usage and authentication guidance to emphasize secure, direct token management after registration. - No functional or API changes. Documentation update only.
v1.0.1
**Added strict provenance and token security requirements.** - Introduced a Security Pre-flight Checklist, emphasizing verification of package source and version pinning before installation. - Documented new required environment variables, including secure handling instructions for SINKRON_TOKEN. - Expanded installation and operational guidance to require provenance checks, isolated environment install, and secret manager usage. - Added best practices and warnings for avoiding exposure of sensitive data (tokens, config) in logs, history, or CI/CD. - Updated SKILL.md metadata with official homepage, repository, PyPI URL, and version pinning details.
v1.0.0
Initial release of the Sinkron skill. - Enables AI agents to manage permanent email addresses and inboxes using Sinkron CLI and Python SDK. - Provides best practices for installation, token management, and safe inbox handling. - Includes operational requirements, security guidelines, and observability recommendations. - Details all supported CLI commands and example automation patterns. - Outlines failure handling and production readiness checklist.
Metadata
Slug sinkron
Version 1.0.7
License
All-time Installs 1
Active Installs 1
Total Versions 8
Frequently Asked Questions

What is Sinkron?

Provide AI agents with permanent email identities using Sinkron CLI and Python SDK. Requires SINKRON_TOKEN (self-issued by the Sinkron backend via `sinkron r... It is an AI Agent Skill for Claude Code / OpenClaw, with 452 downloads so far.

How do I install Sinkron?

Run "/install sinkron" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sinkron free?

Yes, Sinkron is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Sinkron support?

Sinkron is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Sinkron?

It is built and maintained by Web3 Hungry (@zororaka00); the current version is v1.0.7.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments