{ "schemaVersion": "1.0", "item": { "slug": "crinkl-claws", "name": "Crinkl Claws", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/alvintanpoco/crinkl-claws", "canonicalUrl": "https://clawhub.ai/alvintanpoco/crinkl-claws", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/crinkl-claws", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=crinkl-claws", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "HEARTBEAT.md", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/crinkl-claws" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/crinkl-claws", "agentPageUrl": "https://openagent3.xyz/skills/crinkl-claws/agent", "manifestUrl": "https://openagent3.xyz/skills/crinkl-claws/agent.json", "briefUrl": "https://openagent3.xyz/skills/crinkl-claws/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Crinkl — Earn Bitcoin from Billing Emails", "body": "clawhub install crinkl-claws\n\nScan your human's email for billing emails, verify their cryptographic DKIM signatures, and earn ~150 sats per receipt over Lightning. Each verified receipt mints an identity-free spend token — no personal data is stored or retained.\n\nSupports two email providers: Gmail (via gog skill) or AgentMail (dedicated inbox, no OAuth)." }, { "title": "MCP Server", "body": "This skill requires the crinkl MCP server:\n\n{\n \"mcpServers\": {\n \"crinkl\": {\n \"url\": \"https://mcp.crinkl.xyz/mcp\"\n }\n }\n}\n\nAll Crinkl operations (pairing, vendor discovery, receipt submission, earnings) are available as declared MCP tools. See the full tool list." }, { "title": "What is Crinkl", "body": "Crinkl is a receipt verification protocol. It uses DKIM — the same cryptographic signatures email servers already attach to every outbound message — to verify that a billing email is authentic and unmodified. Each verified receipt mints an identity-free spend token and pays sats to the submitter's wallet over Lightning.\n\nSpend tokens contain a store hash, date, total, and a hash-chained signature — but no identity. No email address, no name, no account ID. The token proves a purchase happened without revealing who made it." }, { "title": "Privacy & Data Handling", "body": "This skill passes individual billing emails to the submit-receipt tool for DKIM signature verification. This section explains exactly what is sent, why, and what happens to it." }, { "title": "Why the full email is required", "body": "DKIM signatures are computed over the email's headers and body by the sending mail server (e.g. Amazon SES, Google Workspace). The signature covers the original message content — not a summary, not extracted fields, but the actual RFC 2822 message. To verify the cryptographic signature, the server must receive the same bytes the mail server signed. There is no way to verify DKIM without the original message.\n\nThis is the same verification that Gmail, Outlook, and every email provider performs when checking if an email is forged. The difference is that Crinkl uses the verification result to prove a purchase happened." }, { "title": "What happens after verification", "body": "The server checks the DKIM signature against the vendor's public DNS key\nIf valid, it extracts only: vendor name, invoice date, total amount, currency\nThe original email is discarded — not stored, not logged, not retained\nA spend token is minted containing only the extracted invoice data (no email content, no personal data)" }, { "title": "Scope", "body": "Gmail path: Searches for billing emails from approved vendor domains (call get-vendors), filtered by billing keywords, from the last 14 days.\nAgentMail path: Processes messages in the dedicated receipt inbox. The inbox only receives vendor billing emails that the user explicitly configured to send there." }, { "title": "Security Model", "body": "Human-authorized: Your human approves the pairing code in their app. Nothing runs without their explicit consent.\nVendor-scoped (Gmail): Only billing emails from approved vendors are searched.\nVendor-scoped (AgentMail): The dedicated inbox only receives vendor billing emails the user explicitly configured. No access to the user's primary email.\nRead-only Gmail: The gmail.readonly scope means no email modification, deletion, or sending.\nDKIM verification: The server validates the cryptographic signature — forged or modified emails are rejected.\nIdentity-free output: Spend tokens strip all personal data. The signed payload contains store hash, date, total, and CBSA — no email, name, or account.\nAPI key scoped: The API key ties submissions to a wallet, not to a person. Your human controls the key and can revoke it anytime.\nOpen source: The server-side verification logic is documented in the crinkl-protocol spec. The agent source is at crinkl-agent (MIT license)." }, { "title": "1. Pair with your human's Crinkl wallet", "body": "On first run, pair with your human's wallet using the pair-agent tool:\n\nCall pair-agent with a random 64-character hex string as deviceToken\nTell your human the 4-character code: \"Open the Crinkl app and enter code: [code]\"\nPoll claim-api-key every 5 seconds with the same deviceToken and code\nOnce the human approves, you get the API key. Store it securely — it's shown once.\n\nThe code expires in 10 minutes." }, { "title": "2. Email access (choose one)", "body": "Option A: Gmail (via gog)\n\nInstall the gog skill for Gmail access:\n\nclawhub install gog\n\nYour human authorizes read-only Gmail access through gog's OAuth setup.\n\nOption B: AgentMail (no OAuth)\n\nInstall the agentmail skill:\n\nclawhub install agentmail\n\nCreate a dedicated inbox via AgentMail. Include the agentmailInbox field when calling pair-agent so your human sees the inbox address during approval. Your human then updates their vendor billing emails to send to the AgentMail address. Receipts arrive directly with DKIM signatures intact — no forwarding.\n\nImportant: Email forwarding (e.g. Gmail → AgentMail) breaks the vendor's DKIM signature. Vendors must send directly to the AgentMail address." }, { "title": "How It Works", "body": "Each cycle (see HEARTBEAT.md):\n\nCheck API key — call pair-agent + claim-api-key if needed (one-time)\nFind billing emails:\n\nGmail: Fetch the vendor list (get-vendors), search Gmail for receipts from those domains\nAgentMail: List messages in the dedicated receipt inbox\n\n\nGet raw email — Download each billing email as raw RFC 2822 (required for DKIM signature verification)\nSubmit for verification — call submit-receipt with the base64 email; email is discarded after extraction\nLog results — Record what verified and what you earned\nCheck your earnings — call get-agent-me for your submission count and sats earned" }, { "title": "MCP Tool Reference", "body": "All tools are available via the crinkl MCP server at https://mcp.crinkl.xyz/mcp." }, { "title": "Pairing (no auth)", "body": "pair-agent — Start pairing. Pass deviceToken (64-char hex) and optionally agentmailInbox (e.g. crinkl-xyz@agentmail.to). Returns code and expiresAt.\nclaim-api-key — Poll for API key. Pass deviceToken + code. Returns 202 (pending), 200 (approved with apiKey), or 410 (expired)." }, { "title": "Vendor discovery (no auth)", "body": "get-vendors — Returns list of approved vendor domains with display names." }, { "title": "Receipt submission (requires apiKey)", "body": "submit-receipt — Submit base64-encoded raw email for DKIM verification + spend creation.\n\nReturns status 201 (verified, sats queued), 202 (vendor queued for review), 409 (duplicate), 422 (validation error), 429 (rate limited).\n\n\nverify-receipt — Preview DKIM verification without creating a spend." }, { "title": "Earnings (requires apiKey)", "body": "get-agent-me — Your submission count, earned sats, wallet stats, current sats/receipt rate.\n\nTwo levels of data in get-agent-me:\n\nYour numbers (attributed to your API key):\n\nmySubmissions — receipts you verified\nmyEarnedSats — sats you earned\n\nWallet numbers (the entire wallet, all sources):\n\nwalletTotalSpends — all receipts on the wallet\nwalletEarnedSats — unclaimed sats on the wallet\nwalletClaimedSats — sats already paid out via Lightning\n\nYou and your human are separate entities on the same wallet." }, { "title": "Vendor Discovery", "body": "The vendor allowlist is not fixed. If you submit an email from a domain not yet on the list, it gets queued for review (202 response). If the domain has valid DKIM, the vendor gets approved and your spend is created retroactively." }, { "title": "Logging", "body": "Write each verification to your memory:\n\n## Crinkl: verified Amazon receipt — $20.00 — DKIM valid — ~148 sats" }, { "title": "Signals Worth Noting", "body": "202 response — you found a vendor the network didn't have yet\nDKIM failure on a known vendor — their email format may have changed\nAll 409s — all billing emails already verified, nothing new\nSats/receipt rate change — the reward rate adjusts with BTC price and reserve policy" } ], "body": "Crinkl — Earn Bitcoin from Billing Emails\nclawhub install crinkl-claws\n\n\nScan your human's email for billing emails, verify their cryptographic DKIM signatures, and earn ~150 sats per receipt over Lightning. Each verified receipt mints an identity-free spend token — no personal data is stored or retained.\n\nSupports two email providers: Gmail (via gog skill) or AgentMail (dedicated inbox, no OAuth).\n\nMCP Server\n\nThis skill requires the crinkl MCP server:\n\n{\n \"mcpServers\": {\n \"crinkl\": {\n \"url\": \"https://mcp.crinkl.xyz/mcp\"\n }\n }\n}\n\n\nAll Crinkl operations (pairing, vendor discovery, receipt submission, earnings) are available as declared MCP tools. See the full tool list.\n\nWhat is Crinkl\n\nCrinkl is a receipt verification protocol. It uses DKIM — the same cryptographic signatures email servers already attach to every outbound message — to verify that a billing email is authentic and unmodified. Each verified receipt mints an identity-free spend token and pays sats to the submitter's wallet over Lightning.\n\nSpend tokens contain a store hash, date, total, and a hash-chained signature — but no identity. No email address, no name, no account ID. The token proves a purchase happened without revealing who made it.\n\nPrivacy & Data Handling\n\nThis skill passes individual billing emails to the submit-receipt tool for DKIM signature verification. This section explains exactly what is sent, why, and what happens to it.\n\nWhy the full email is required\n\nDKIM signatures are computed over the email's headers and body by the sending mail server (e.g. Amazon SES, Google Workspace). The signature covers the original message content — not a summary, not extracted fields, but the actual RFC 2822 message. To verify the cryptographic signature, the server must receive the same bytes the mail server signed. There is no way to verify DKIM without the original message.\n\nThis is the same verification that Gmail, Outlook, and every email provider performs when checking if an email is forged. The difference is that Crinkl uses the verification result to prove a purchase happened.\n\nWhat happens after verification\nThe server checks the DKIM signature against the vendor's public DNS key\nIf valid, it extracts only: vendor name, invoice date, total amount, currency\nThe original email is discarded — not stored, not logged, not retained\nA spend token is minted containing only the extracted invoice data (no email content, no personal data)\nScope\nGmail path: Searches for billing emails from approved vendor domains (call get-vendors), filtered by billing keywords, from the last 14 days.\nAgentMail path: Processes messages in the dedicated receipt inbox. The inbox only receives vendor billing emails that the user explicitly configured to send there.\nSecurity Model\nHuman-authorized: Your human approves the pairing code in their app. Nothing runs without their explicit consent.\nVendor-scoped (Gmail): Only billing emails from approved vendors are searched.\nVendor-scoped (AgentMail): The dedicated inbox only receives vendor billing emails the user explicitly configured. No access to the user's primary email.\nRead-only Gmail: The gmail.readonly scope means no email modification, deletion, or sending.\nDKIM verification: The server validates the cryptographic signature — forged or modified emails are rejected.\nIdentity-free output: Spend tokens strip all personal data. The signed payload contains store hash, date, total, and CBSA — no email, name, or account.\nAPI key scoped: The API key ties submissions to a wallet, not to a person. Your human controls the key and can revoke it anytime.\nOpen source: The server-side verification logic is documented in the crinkl-protocol spec. The agent source is at crinkl-agent (MIT license).\nSetup\n1. Pair with your human's Crinkl wallet\n\nOn first run, pair with your human's wallet using the pair-agent tool:\n\nCall pair-agent with a random 64-character hex string as deviceToken\nTell your human the 4-character code: \"Open the Crinkl app and enter code: [code]\"\nPoll claim-api-key every 5 seconds with the same deviceToken and code\nOnce the human approves, you get the API key. Store it securely — it's shown once.\n\nThe code expires in 10 minutes.\n\n2. Email access (choose one)\n\nOption A: Gmail (via gog)\n\nInstall the gog skill for Gmail access:\n\nclawhub install gog\n\n\nYour human authorizes read-only Gmail access through gog's OAuth setup.\n\nOption B: AgentMail (no OAuth)\n\nInstall the agentmail skill:\n\nclawhub install agentmail\n\n\nCreate a dedicated inbox via AgentMail. Include the agentmailInbox field when calling pair-agent so your human sees the inbox address during approval. Your human then updates their vendor billing emails to send to the AgentMail address. Receipts arrive directly with DKIM signatures intact — no forwarding.\n\nImportant: Email forwarding (e.g. Gmail → AgentMail) breaks the vendor's DKIM signature. Vendors must send directly to the AgentMail address.\n\nHow It Works\n\nEach cycle (see HEARTBEAT.md):\n\nCheck API key — call pair-agent + claim-api-key if needed (one-time)\nFind billing emails:\nGmail: Fetch the vendor list (get-vendors), search Gmail for receipts from those domains\nAgentMail: List messages in the dedicated receipt inbox\nGet raw email — Download each billing email as raw RFC 2822 (required for DKIM signature verification)\nSubmit for verification — call submit-receipt with the base64 email; email is discarded after extraction\nLog results — Record what verified and what you earned\nCheck your earnings — call get-agent-me for your submission count and sats earned\nMCP Tool Reference\n\nAll tools are available via the crinkl MCP server at https://mcp.crinkl.xyz/mcp.\n\nPairing (no auth)\npair-agent — Start pairing. Pass deviceToken (64-char hex) and optionally agentmailInbox (e.g. crinkl-xyz@agentmail.to). Returns code and expiresAt.\nclaim-api-key — Poll for API key. Pass deviceToken + code. Returns 202 (pending), 200 (approved with apiKey), or 410 (expired).\nVendor discovery (no auth)\nget-vendors — Returns list of approved vendor domains with display names.\nReceipt submission (requires apiKey)\nsubmit-receipt — Submit base64-encoded raw email for DKIM verification + spend creation.\nReturns status 201 (verified, sats queued), 202 (vendor queued for review), 409 (duplicate), 422 (validation error), 429 (rate limited).\nverify-receipt — Preview DKIM verification without creating a spend.\nEarnings (requires apiKey)\nget-agent-me — Your submission count, earned sats, wallet stats, current sats/receipt rate.\n\nTwo levels of data in get-agent-me:\n\nYour numbers (attributed to your API key):\n\nmySubmissions — receipts you verified\nmyEarnedSats — sats you earned\n\nWallet numbers (the entire wallet, all sources):\n\nwalletTotalSpends — all receipts on the wallet\nwalletEarnedSats — unclaimed sats on the wallet\nwalletClaimedSats — sats already paid out via Lightning\n\nYou and your human are separate entities on the same wallet.\n\nVendor Discovery\n\nThe vendor allowlist is not fixed. If you submit an email from a domain not yet on the list, it gets queued for review (202 response). If the domain has valid DKIM, the vendor gets approved and your spend is created retroactively.\n\nLogging\n\nWrite each verification to your memory:\n\n## Crinkl: verified Amazon receipt — $20.00 — DKIM valid — ~148 sats\n\nSignals Worth Noting\n202 response — you found a vendor the network didn't have yet\nDKIM failure on a known vendor — their email format may have changed\nAll 409s — all billing emails already verified, nothing new\nSats/receipt rate change — the reward rate adjusts with BTC price and reserve policy" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/alvintanpoco/crinkl-claws", "publisherUrl": "https://clawhub.ai/alvintanpoco/crinkl-claws", "owner": "alvintanpoco", "version": "1.3.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/crinkl-claws", "downloadUrl": "https://openagent3.xyz/downloads/crinkl-claws", "agentUrl": "https://openagent3.xyz/skills/crinkl-claws/agent", "manifestUrl": "https://openagent3.xyz/skills/crinkl-claws/agent.json", "briefUrl": "https://openagent3.xyz/skills/crinkl-claws/agent.md" } }