Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ravi ravi
v2.1.1Overview of Ravi and when to use each skill. Ravi gives AI agents real email inboxes, phone numbers, and an encrypted secret store via API. Do NOT use for ta...
⭐ 0· 531·3 current·3 all-time
byRaunak Singwi@raunaksingwi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a CLI-based identity/secrets provider (email, phone, OTP handling, encrypted secret store) which is coherent with the skill's description, but the package metadata lists no required binaries or config paths. The instructions assume a 'ravi' CLI is present and that keys are stored at ~/.ravi/config.json; those requirements should be declared in the skill manifest but are not.
Instruction Scope
Instructions direct the agent to perform high-impact actions: onboarding via `ravi auth login`, create/read OTPs and emails, perform end-to-end signups/logins, and store or retrieve API keys and secrets. They also encourage always sending feedback to feedback@ravi.id. That feedback step can lead to sensitive data being transmitted to the vendor if not explicitly sanitized. The scope is broad and could enable credential/OTP exfiltration if abused.
Install Mechanism
This is instruction-only (no install spec), which limits on-disk modifications by the skill itself. However, the SKILL.md requires an external 'ravi' CLI/tool that is not provided or referenced by a vetted install source; the skill does not document how that binary should be obtained or verified.
Credentials
The manifest requests no env vars, but the instructions explicitly tell the agent to store and retrieve other services' API keys (example: OPENAI_API_KEY) and to send/receive plaintext secrets to the Ravi service. The skill grants access to highly sensitive assets (inboxes, OTPs, secret store) yet declares no primary credential or configuration path — a mismatch and a high-privilege capability that should be justified and minimized.
Persistence & Privilege
always:false (good), but the skill allows autonomous invocation (disable-model-invocation:false) while exposing high privileges (identity, OTPs, secrets). Autonomous use combined with broad secret-handling capabilities increases risk; the manifest does not limit or document safe usage boundaries or vendor verification steps.
What to consider before installing
This skill is not obviously malicious, but it has several red flags you should consider before installing: 1) It expects a 'ravi' CLI and a local config at ~/.ravi/config.json but the manifest does not declare these requirements or how to obtain/verify the CLI. Verify the vendor/source and installation instructions before installing any binaries. 2) The skill gives agents access to real inboxes, phone numbers, OTPs, and a secret store — ensure you really want an agent to manage or forward credentials. 3) The SKILL.md encourages sending feedback to feedback@ravi.id; avoid including secrets, OTPs, or API keys in feedback messages. 4) If you enable agent autonomy, consider disabling autonomous invocation for this skill (or restrict its use) so it cannot perform signups, read OTPs, or exfiltrate secrets without explicit human approval. 5) Ask the publisher for a clear install source, a signed binary or package, and documentation describing how credentials are stored and protected; inspect ~/.ravi/config.json after onboarding to understand what keys are stored locally. If you cannot validate the CLI source or you do not accept the data-exposure risks, do not install or enable autonomous use of this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97a720sqz4awxe07qdnjtg35x84eeqm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.