Ravi email-send
Security checks across malware telemetry and agentic risk
Overview
This skill appears intended for legitimate email sending, but it assumes an authenticated Ravi CLI without clearly declaring the required binary, credentials, or approval boundaries.
Review before installing. Confirm where the `ravi` CLI comes from, which account it will send from, where credentials are stored, and whether your agent requires explicit approval before sending or attaching files. Do not allow broad autonomous use unless you are comfortable with the agent sending email and uploading selected local files through Ravi.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.