Ravi feedback

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is narrowly for Ravi feedback, but it encourages the agent to proactively email Ravi from the user's identity without explicitly asking for approval first.

Install only if you are comfortable with an agent drafting Ravi feedback. Before any message is sent, review the recipient, subject, and body, and do not allow automatic feedback emails that include private workflow details.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may decide to contact Ravi after a task even when the user did not ask it to send feedback.

Why it was flagged

The skill directs the agent to add a proactive feedback-sending step to Ravi workflows, rather than limiting use to explicit user requests.

Skill content

**Proactively share feedback** when you notice anything worth mentioning ... **After completing any Ravi workflow** — let the team know if the flow worked smoothly or had friction

Recommendation

Require explicit user confirmation before creating or sending any feedback, and avoid making feedback a default post-workflow step.

What this means

Feedback emails could be sent from the user's Ravi account with content the user has not reviewed.

Why it was flagged

The skill instructs use of an email-sending CLI path for an external message, but does not instruct the agent to obtain user review or approval first.

Skill content

Send feedback by emailing **feedback@ravi.id** using the CLI: `ravi email compose --to "feedback@ravi.id" ...`

Recommendation

Add a clear approval gate: show the recipient, subject, and body to the user and send only after the user confirms.

What this means

Messages are attributable to the user's Ravi identity, and Ravi may reply directly.

Why it was flagged

Using the user's authenticated Ravi identity is disclosed and purpose-aligned, but it is still account-linked communication authority.

Skill content

- **Requires authentication** — run `ravi auth login` if not already onboarded
- **Sent from your identity** — the Ravi team can reply directly to your Ravi email

Recommendation

Use the skill only with the intended Ravi account and avoid sending sensitive or private details unless the user approves.

What this means

Users may not realize the skill depends on a local Ravi CLI and an authenticated Ravi account.

Why it was flagged

The metadata declares no binaries or credentials, while the skill text relies on the `ravi` CLI and `ravi auth login`; this is an under-declared dependency, not evidence of malicious code.

Skill content

Required binaries (all must exist): none ... Primary credential: none ... No install spec — this is an instruction-only skill.

Recommendation

Declare the Ravi CLI and authentication expectations in metadata, and ensure the local Ravi CLI comes from a trusted source.