Raven Transfer
Warn
Audited by ClawScan on May 10, 2026.
Overview
Raven Transfer appears purpose-built for Raven NGN payouts, but it can move real money and the registry does not fully enforce the approval and credential boundaries described in the docs.
Use this skill only in a trusted, reviewed environment. Before installing, disable autonomous invocation, require a human to approve each transfer preview, store the Raven API key securely, avoid untrusted RAVEN_API_BASE overrides, and decide whether local transfer-state persistence is acceptable.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent may be able to invoke the payout workflow without the extra manual-invocation boundary the skill documents, increasing the risk of unintended real-money transfers.
This registry-level setting leaves autonomous invocation available for a skill whose SKILL.md says implicit model invocation should be disabled and whose documented commands can execute bank transfers.
disable-model-invocation: false (default — agent can invoke autonomously, this is normal)
Disable autonomous/model invocation for this skill in the registry/runtime and require a human to approve the transfer preview before any confirmed transfer command is run.
Whoever can run the skill with this key may be able to check wallet balances and initiate payouts through the Raven account.
The skill requires a Raven API credential to access wallet and transfer APIs; this is purpose-aligned, but it grants payment-account authority and is under-declared in registry metadata.
One auth source must be available in the runtime environment: `RAVEN_API_KEY_FILE` ... `RAVEN_API_KEY`
Provide the API key only through a secret manager or locked-down file, restrict the key’s permissions where Raven supports it, and verify the runtime does not expose the key to unrelated skills.
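The check a practitioner would want behind that recommendation, as an added example (this is not the skill's script and not ClawScan's code): a loader that accepts only the two documented auth sources, refuses a key file that is a symlink, not owned by the current user, or readable by group/other, strips the key out of the environment handed to any unrelated subprocess, and never logs more than a redacted form. The variable names `RAVEN_API_KEY_FILE` and `RAVEN_API_KEY` are from the skill's docs; the preference for the file over the bare env var, the function names, and the placeholder key values are this example's own assumptions.

```python
import os
import stat
import tempfile

# Variable names are the skill's documented auth sources; everything else in this module
# (precedence, function names, demo data) is this added example's own, not the skill's code.
KEY_FILE_VAR = "RAVEN_API_KEY_FILE"
KEY_VAR = "RAVEN_API_KEY"


class KeySourceError(RuntimeError):
    """Raised when the credential source is missing or not locked down."""


def check_owner_only(path):
    """Refuse a key file unless it is a regular file, owned by us, with no group/other bits."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        raise KeySourceError(f"{path} is a symlink; point {KEY_FILE_VAR} at the real file")
    if not stat.S_ISREG(st.st_mode):
        raise KeySourceError(f"{path} is not a regular file")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise KeySourceError(f"{path} is not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise KeySourceError(
            f"{path} is accessible to group/other (mode {oct(stat.S_IMODE(st.st_mode))}); chmod 600 it"
        )


def load_api_key(env=None):
    """Return (key, source). A locked-down file is preferred over the bare env var (assumption)."""
    env = os.environ if env is None else env
    key_file = env.get(KEY_FILE_VAR)
    if key_file:
        check_owner_only(key_file)
        with open(key_file, "r", encoding="utf-8") as fh:
            key, source = fh.read().strip(), "file"
    elif env.get(KEY_VAR):
        key, source = env[KEY_VAR].strip(), "env"
    else:
        raise KeySourceError(f"neither {KEY_FILE_VAR} nor {KEY_VAR} is set")
    if not key:
        raise KeySourceError("API key is empty")
    return key, source


def child_env(env=None):
    """Environment for any subprocess that is not the transfer script: the key must not reach it."""
    env = dict(os.environ if env is None else env)
    for var in (KEY_FILE_VAR, KEY_VAR):
        env.pop(var, None)
    return env


def redact(key):
    """Form of the key that is safe to put in logs and transfer previews."""
    if len(key) < 12:
        return "***"
    return f"{key[:4]}...{key[-4:]}"


def demo():
    """Constructed scenario: an owner-only key file, a world-readable one, an env-only key, nothing."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "raven.key")
        with open(good, "w", encoding="utf-8") as fh:
            fh.write("rvn_test_key_000\n")  # constructed placeholder, not a real credential
        os.chmod(good, 0o600)
        results["file_ok"] = load_api_key({KEY_FILE_VAR: good})

        shared = os.path.join(tmp, "shared.key")
        with open(shared, "w", encoding="utf-8") as fh:
            fh.write("rvn_test_key_000\n")
        os.chmod(shared, 0o644)  # group/other readable: must be rejected
        try:
            load_api_key({KEY_FILE_VAR: shared})
            results["world_readable_rejected"] = False
        except KeySourceError:
            results["world_readable_rejected"] = True

        results["env_ok"] = load_api_key({KEY_VAR: "rvn_env_key_111"})
        try:
            load_api_key({})
            results["missing_rejected"] = False
        except KeySourceError:
            results["missing_rejected"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        if isinstance(value, tuple):
            value = (redact(value[0]), value[1])
        print(name, value)
```

The symlink and ownership checks matter because the skill reads whatever path `RAVEN_API_KEY_FILE` names: a world-writable or attacker-owned file at that path would let another user substitute their own key or read yours. The `child_env` helper is the piece most runtimes forget; if the host passes its full environment to every skill, the bare `RAVEN_API_KEY` variable is visible to all of them.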
Local files may reveal payout references, amounts, fees, and transfer statuses if the skill folder is synced, backed up, or shared.
The skill intentionally keeps local transfer state for duplicate-prevention and status lookup. The docs limit stored fields and avoid account PII, but the state still contains transaction metadata.
Persist only minimal idempotency fields in `scripts/.state/transfer-state.json`: ... `merchant_ref`, `trx_ref`, `status`, `raw_status`, `amount`, `fee`
Keep the state file owner-only, exclude `scripts/.state/` from sync/backups/repositories, or set `RAVEN_DISABLE_LOCAL_STATE=1` if local persistence is not acceptable.
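What a state store that follows those recommendations looks like, as an added example (not the skill's own script): only the six fields the docs name are ever written, the file is created owner-only and replaced atomically, a repeated `merchant_ref` is refused before anything is sent, and `RAVEN_DISABLE_LOCAL_STATE=1` turns persistence off while keeping in-run duplicate checks. The field list and env var are from the skill's docs (the docs' list is elided with "...", so only the named fields are kept here); the class, method names and the sample payout are this example's own assumptions.

```python
import json
import os
import tempfile

# Field names and the env var are from the skill's docs; the docs elide part of the field list,
# so only the six named fields are allowed here. Class and method names are this example's own.
STATE_FIELDS = ("merchant_ref", "trx_ref", "status", "raw_status", "amount", "fee")
DISABLE_VAR = "RAVEN_DISABLE_LOCAL_STATE"


class DuplicateTransfer(RuntimeError):
    """A transfer with this merchant_ref was already started; do not send it again."""


def prune_record(record):
    """Keep only the idempotency fields; account numbers, names and the like are dropped."""
    return {k: record[k] for k in STATE_FIELDS if k in record}


class TransferState:
    def __init__(self, path, env=None):
        env = os.environ if env is None else env
        self.path = path
        self.persist = env.get(DISABLE_VAR) != "1"
        self.records = {}
        if self.persist and os.path.exists(path):
            with open(path, "r", encoding="utf-8") as fh:
                self.records = json.load(fh)

    def _save(self):
        if not self.persist:
            return
        os.makedirs(os.path.dirname(self.path), mode=0o700, exist_ok=True)
        tmp = self.path + ".tmp"
        if os.path.exists(tmp):
            os.unlink(tmp)  # leftover from an interrupted write
        # O_EXCL with 0600 makes the file owner-only from its first byte; replace() is atomic.
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(self.records, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)

    def begin(self, record):
        """Register a transfer before it is sent; raises if merchant_ref was already used."""
        rec = prune_record(record)
        ref = rec["merchant_ref"]
        if ref in self.records:
            raise DuplicateTransfer(f"{ref} already recorded with status {self.records[ref]['status']}")
        rec.setdefault("status", "pending")
        self.records[ref] = rec
        self._save()
        return rec

    def update(self, merchant_ref, **fields):
        """Record the provider's response (trx_ref, status, raw_status, fee) for a begun transfer."""
        self.records[merchant_ref].update(prune_record(fields))
        self._save()
        return self.records[merchant_ref]

    def lookup(self, merchant_ref):
        return self.records.get(merchant_ref)


def demo():
    """Constructed scenario: one payout recorded, reopened, retried, then a run with persistence off."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "scripts", ".state", "transfer-state.json")
        state = TransferState(path, env={})
        state.begin({"merchant_ref": "PAYOUT-0001", "amount": "5000.00",
                     "account_number": "0123456789"})  # constructed; account_number must not be stored
        state.update("PAYOUT-0001", trx_ref="TRX-abc", status="success",
                     raw_status="SUCCESSFUL", fee="25.00")
        out["mode"] = oct(os.stat(path).st_mode & 0o777)
        with open(path, "r", encoding="utf-8") as fh:
            out["stored_fields"] = sorted(json.load(fh)["PAYOUT-0001"])
        reopened = TransferState(path, env={})
        out["status_after_reopen"] = reopened.lookup("PAYOUT-0001")["status"]
        try:
            reopened.begin({"merchant_ref": "PAYOUT-0001", "amount": "5000.00"})
            out["duplicate_blocked"] = False
        except DuplicateTransfer:
            out["duplicate_blocked"] = True
        off_path = os.path.join(tmp, "off", "transfer-state.json")
        off = TransferState(off_path, env={DISABLE_VAR: "1"})
        off.begin({"merchant_ref": "PAYOUT-0002", "amount": "1.00"})
        out["disabled_writes_file"] = os.path.exists(off_path)
        out["disabled_dedups_in_run"] = off.lookup("PAYOUT-0002") is not None
    return out


if __name__ == "__main__":
    print(demo())
```

The trade-off the last part of the demo shows is the one to decide on before installing: with `RAVEN_DISABLE_LOCAL_STATE=1` nothing is written to the skill folder, but duplicate prevention then only lasts for the current run, so a retried command in a later run can send the same payout again unless the `merchant_ref` is checked against Raven instead.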
Users have less external provenance to rely on before trusting a tool that can move funds.
The package includes payment-capable code but does not provide a public source or homepage for provenance; no remote installer or hidden dependency is shown.
Source: unknown
Homepage: none
Install only if you trust the publisher, review the full script before use, and pin/retain the reviewed copy in your own controlled environment.
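One concrete way to "pin and retain the reviewed copy", as an added example (not ClawScan's tooling and not part of the skill): hash every file in the skill folder once it has been read, keep the manifest outside the folder, and refuse to run if a file was changed, added or removed since the review. The `scripts/.state/` directory is excluded because it holds runtime state rather than reviewed code; the function names and the constructed sample tree are this example's own.

```python
import hashlib
import json
import os
import tempfile

# Added example of pinning a reviewed skill tree by SHA-256; names and the sample tree are assumptions.
IGNORED_DIRS = {".state", ".git"}  # runtime state and VCS metadata are not part of what was reviewed


def hash_tree(root):
    """Map each relative path under root to its SHA-256 hex digest, in a stable order."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in IGNORED_DIRS)
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def write_manifest(root, manifest_path):
    """Pin the tree as reviewed. Store the manifest outside the skill folder, under your control."""
    manifest = hash_tree(root)
    with open(manifest_path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)
    return manifest


def verify_tree(root, manifest_path):
    """Return (added, removed, changed) relative to the pinned manifest; three empty lists mean it matches."""
    with open(manifest_path, "r", encoding="utf-8") as fh:
        pinned = json.load(fh)
    current = hash_tree(root)
    added = sorted(set(current) - set(pinned))
    removed = sorted(set(pinned) - set(current))
    changed = sorted(p for p in current if p in pinned and current[p] != pinned[p])
    return added, removed, changed


def demo():
    """Constructed skill tree: pin it, then alter one script and drop in a new one."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        skill = os.path.join(tmp, "raven-transfer")
        os.makedirs(os.path.join(skill, "scripts", ".state"))
        files = {"SKILL.md": "# Raven Transfer\n", "scripts/transfer.py": "print('preview')\n"}
        for rel, text in files.items():
            with open(os.path.join(skill, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
        with open(os.path.join(skill, "scripts", ".state", "transfer-state.json"), "w") as fh:
            fh.write("{}")  # runtime state: must not affect the pin
        manifest = os.path.join(tmp, "raven-transfer.manifest.json")
        out["pinned_files"] = sorted(write_manifest(skill, manifest))
        out["clean"] = verify_tree(skill, manifest)
        with open(os.path.join(skill, "scripts", "transfer.py"), "a", encoding="utf-8") as fh:
            fh.write("# unreviewed change\n")  # constructed tampering after the review
        with open(os.path.join(skill, "scripts", "helper.py"), "w", encoding="utf-8") as fh:
            fh.write("pass\n")
        out["tampered"] = verify_tree(skill, manifest)
    return out


if __name__ == "__main__":
    print(demo())
```

Run `verify_tree` from the wrapper that launches the skill and abort on any non-empty result; since the package ships with no source or homepage, this manifest is the only provenance you will have, so it belongs in your own repository, not next to the skill where an update or a sync could overwrite it.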
