← 返回 Skills 市场
Sinkron
作者
Web3 Hungry
· GitHub ↗
· v1.0.7
452
总下载
0
收藏
1
当前安装
8
版本数
在 OpenClaw 中安装
/install sinkron
功能描述
Provide AI agents with permanent email identities using Sinkron CLI and Python SDK. Requires SINKRON_TOKEN (self-issued by the Sinkron backend via `sinkron r...
安全使用建议
This skill appears coherent with its description, but treat third-party packages cautiously: 1) Verify the homepage, GitHub repo, and PyPI owner match and review the package source for unexpected network callbacks before installing. 2) Follow the SKILL.md checklist: download the wheel (.whl) and inspect its .py files, install only a pinned version, and test inside a container/VM first. 3) Protect SINKRON_TOKEN in a secrets manager (do not check it into code or logs), clear shell history after registration, and rotate the token if exposure is suspected. 4) If you cannot verify the package provenance or do not want to install from PyPI, do not install the skill. If you want higher assurance, ask for the release commit hash and PyPI artifact hash (sha256) so you can verify the exact package contents before installing.
功能分析
Type: OpenClaw Skill
Name: sinkron
Version: 1.0.7
The `SKILL.md` file contains extensive instructions for the AI agent (and user) to perform security verification steps, including visiting external URLs for provenance checks, downloading and inspecting the package contents via `pip download` and `ls`, and running `docker run` for isolated testing. While the explicit intent of these instructions is defensive and aims to promote secure installation and usage, they instruct the agent to execute shell commands and make external network calls that are outside the direct functional purpose of the skill. This constitutes 'risky capabilities without clear malicious intent' as it involves the agent performing system-level actions based on documentation, which could be a vector for unintended behavior if the agent's interpretation or environment is not perfectly aligned with the benign intent.
能力评估
Purpose & Capability
Skill claims to provide permanent email identities and inbox management via a CLI/SDK and declares a single required credential (SINKRON_TOKEN). There are no unrelated env vars, binaries, or config paths requested — the declared credential is appropriate for the described functionality.
Instruction Scope
SKILL.md contains concrete instructions that stay on-topic: provenance checks, downloading and inspecting the PyPI package, installing a pinned version, running sinkron register for token issuance, and protecting the token. It does not instruct reading unrelated system files or collecting unrelated credentials. It explicitly warns to clear shell history and store tokens securely.
Install Mechanism
This is an instruction-only skill (no install spec in the registry), and it recommends installing the sinkron package from PyPI (pip install sinkron==X.Y.Z). Installing from PyPI is a reasonable mechanism for a Python SDK but carries the usual moderate risk of third‑party packages — the SKILL.md sensibly recommends downloading and inspecting the wheel before installing and using an isolated environment. The alternate suggestion to use `uv tool install` is noted but optional; verify any lesser-known tooling before use.
Credentials
Only SINKRON_TOKEN is required and it is justified by the service's authentication model (self-issued token from sinkron register). The SKILL.md also prescribes secure storage and rotation practices for the token. No other secrets or unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide config, and has no install-time persistence declared. The default ability for the agent to invoke the skill autonomously is unchanged (normal).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sinkron - 安装完成后,直接呼叫该 Skill 的名称或使用
/sinkron触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.7
- Added explicit pypi_package_version ("1.0.2") and updated the long description to mention this package version.
- Clarified in the description that SINKRON_TOKEN must be set as an environment variable before use.
- Improved clarity on token management and environment variable requirements.
- No changes to core logic or feature set; documentation and metadata updates only.
v1.0.6
Version 1.0.6
- Clarified that SINKRON_TOKEN is the required primary credential, self-issued by the Sinkron backend and must be present before use.
- Made language around token issuance, required environment variable, and credential handling more explicit and concise.
- Emphasized no third-party OAuth or external credential providers are involved.
- No user-facing feature or interface changes; documentation and description improvements only.
v1.0.5
No changes detected in source files; version bump from 1.0.4 to 1.0.5 only.
- Updated skill version metadata to 1.0.5.
- No changes to functionality, configuration, or documentation content.
- Safe to upgrade; existing workflows are unaffected.
v1.0.4
- Updated skill version to 1.0.4.
- Updated the recommended PyPI install version in metadata from 1.0.1 to 1.0.2.
- Added guidance to use sinkron health for platform status in best practices.
- Minor edits to best-practice and security guidance for clarity and completeness.
v1.0.3
Version 1.0.3 of the Sinkron skill features a major documentation overhaul for clarity and security:
- Refactored SKILL.md: streamlined, reorganized, and rewritten for better usability and conciseness.
- Stronger emphasis on security best practices and explicit token provenance.
- Clear, stepwise install, verification, and automation guidelines.
- Added explicit guidance for Python SDK usage and safe inbox management.
- Clarified no third-party OAuth—token is self-issued by Sinkron backend only.
- All functional/usage aspects remain unchanged; this is a documentation update.
v1.0.2
- Clarified origin and handling of `SINKRON_TOKEN`: Token is always self-issued by the Sinkron platform via the CLI, never via third-party OAuth or dashboard.
- Updated skill metadata to reflect token issuance process and origin.
- Enhanced security checklist to detail legitimate ways to obtain and store the API token.
- Revised usage and authentication guidance to emphasize secure, direct token management after registration.
- No functional or API changes. Documentation update only.
v1.0.1
**Added strict provenance and token security requirements.**
- Introduced a Security Pre-flight Checklist, emphasizing verification of package source and version pinning before installation.
- Documented new required environment variables, including secure handling instructions for SINKRON_TOKEN.
- Expanded installation and operational guidance to require provenance checks, isolated environment install, and secret manager usage.
- Added best practices and warnings for avoiding exposure of sensitive data (tokens, config) in logs, history, or CI/CD.
- Updated SKILL.md metadata with official homepage, repository, PyPI URL, and version pinning details.
v1.0.0
Initial release of the Sinkron skill.
- Enables AI agents to manage permanent email addresses and inboxes using Sinkron CLI and Python SDK.
- Provides best practices for installation, token management, and safe inbox handling.
- Includes operational requirements, security guidelines, and observability recommendations.
- Details all supported CLI commands and example automation patterns.
- Outlines failure handling and production readiness checklist.
元数据
常见问题
Sinkron 是什么?
Provide AI agents with permanent email identities using Sinkron CLI and Python SDK. Requires SINKRON_TOKEN (self-issued by the Sinkron backend via `sinkron r... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 452 次。
如何安装 Sinkron?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sinkron」即可一键安装,无需额外配置。
Sinkron 是免费的吗?
是的,Sinkron 完全免费(开源免费),可自由下载、安装和使用。
Sinkron 支持哪些平台?
Sinkron 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sinkron?
由 Web3 Hungry(@zororaka00)开发并维护,当前版本 v1.0.7。
推荐 Skills