ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ravi email-send

v2.1.1

Send, compose, reply, reply-all, or forward emails with HTML formatting and attachments. Do NOT use for reading incoming email (use ravi-inbox) or for creden...

0· 534·0 current·0 all-time
byRaunak Singwi@raunaksingwi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims only to send/compose/reply/forward email, and the SKILL.md is consistent with that purpose (it uses a 'ravi' CLI). However, the manifest declares no required binaries and no primary credential while the runtime instructions explicitly invoke the 'ravi' command-line tool and imply an authenticated Ravi account. The absence of a declared dependency on the 'ravi' binary or any auth credential is an incoherence.
Instruction Scope
The SKILL.md stays within the stated scope (compose, reply, forward, attachment/HTML notes, rate limit handling). It references other Ravi skills (contacts, inbox, email-writing) appropriately. It does not instruct reading arbitrary system files or unrelated environment variables. However, it assumes availability of message IDs and an authenticated CLI session without explaining how those are obtained, which grants implicit authority that is not documented.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk, which is low-risk. No downloads or package installs are requested.
!
Credentials
Sending email normally requires account authentication (API key, OAuth token, or an authenticated CLI session). The skill requests no environment variables, no credentials, and no config paths. That is disproportionate: either the skill assumes the environment already has authenticated 'ravi' tooling (not declared), or it omits required secret configuration. The missing credential declaration is a security & operational gap.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and requires no persistent config. Autonomous invocation is allowed (platform default) but is not combined with other high privileges in this package.
What to consider before installing
This skill's runtime instructions assume a 'ravi' CLI and an authenticated Ravi account but the manifest does not declare the 'ravi' binary or any credentials. Before installing: 1) Ask the publisher which credential or auth flow is required (API key, OAuth, or an already-authenticated CLI session) and how message IDs are supplied. 2) Verify that the 'ravi' CLI is present in the environment and which account it will send from. 3) If you don't already have an authenticated Ravi CLI, treat this as incomplete and don't grant broad agent access until authentication details are provided. 4) Consider limiting agent scope or reviewing logs/approval flows for outbound email to avoid accidental data exfiltration or mass sending.

Like a lobster shell, security has layers — review code before you run it.

latestvk974v435fqy209sssdg14yz97d84f5pz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments