Raven Transfer
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: raven-transfer
Version: 1.1.0

The raven-transfer skill bundle is a well-architected tool for managing NGN payouts via the Raven Atlas API. It includes robust safety features such as mandatory confirmation tokens to prevent accidental execution, idempotency checks via local state to prevent double-spending, and strict file permission enforcement (chmod 600) for API key storage. The implementation in scripts/raven-transfer.mjs demonstrates high security awareness by explicitly stripping PII (account numbers/names) before persisting state and implementing comprehensive log redaction for sensitive tokens and headers.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent may be able to invoke the payout workflow without the extra manual-invocation boundary the skill documents, increasing the risk of unintended real-money transfers.
This registry-level setting leaves autonomous invocation available for a skill whose SKILL.md says implicit model invocation should be disabled and whose documented commands can execute bank transfers.
disable-model-invocation: false (default — agent can invoke autonomously, this is normal)
Disable autonomous/model invocation for this skill in the registry/runtime and require a human to approve the transfer preview before any confirmed transfer command is run.

Whoever can run the skill with this key may be able to check wallet balances and initiate payouts through the Raven account.
The skill requires a Raven API credential to access wallet and transfer APIs; this is purpose-aligned, but it grants payment-account authority and is under-declared in registry metadata.
One auth source must be available in the runtime environment: `RAVEN_API_KEY_FILE` ... `RAVEN_API_KEY`
Provide the API key only through a secret manager or locked-down file, restrict the key’s permissions where Raven supports it, and verify the runtime does not expose the key to unrelated skills.

Local files may reveal payout references, amounts, fees, and transfer statuses if the skill folder is synced, backed up, or shared.
The skill intentionally keeps local transfer state for duplicate-prevention and status lookup. The docs limit stored fields and avoid account PII, but the state still contains transaction metadata.
Persist only minimal idempotency fields in `scripts/.state/transfer-state.json`: ... `merchant_ref`, `trx_ref`, `status`, `raw_status`, `amount`, `fee`
Keep the state file owner-only, exclude `scripts/.state/` from sync/backups/repositories, or set `RAVEN_DISABLE_LOCAL_STATE=1` if local persistence is not acceptable.

Users have less external provenance to rely on before trusting a tool that can move funds.
The package includes payment-capable code but does not provide a public source or homepage for provenance; no remote installer or hidden dependency is shown.
Source: unknown
Homepage: none
Install only if you trust the publisher, review the full script before use, and pin/retain the reviewed copy in your own controlled environment.
