Skill v2.1.1
ClawScan security
Ravi feedback · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 8, 2026, 5:46 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only helper that tells the agent how to send feedback to feedback@ravi.id via the ravi CLI; the requested actions and credentials are consistent with that purpose.
- Guidance: This skill appears to do exactly what it says: compose and send feedback to feedback@ravi.id using your installed 'ravi' CLI and account. Before installing or allowing autonomous use, ensure you have the ravi CLI installed and are comfortable the agent can send email from your Ravi identity (it may send without an extra prompt if invoked autonomously). Do not include secrets or sensitive data in feedback messages. Also note the skill's source and homepage are not provided—while the instructions are straightforward, if you prefer provenance, ask the publisher for a homepage or repo before installing.
Review Dimensions
- Purpose & Capability (ok): Name/description match the instructions: the SKILL.md tells the agent to send feedback to feedback@ravi.id using the 'ravi' CLI. There are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope (ok): Instructions are narrowly scoped: run 'ravi auth login' if needed and use 'ravi email compose' to send feedback. The doc does not direct the agent to read arbitrary files, exfiltrate other environment variables, or call external endpoints beyond the described email target.
- Install Mechanism (ok): No install specification or code files are included (instruction-only), so nothing is downloaded or written to disk by the skill itself.
- Credentials (ok): The skill declares no environment variables or credentials. It does require the user's Ravi account (via the ravi CLI) which is proportional to sending email from the user's identity.
- Persistence & Privilege (ok): always is false and the skill is user-invocable; autonomous invocation is allowed (platform default) but not combined with any broad credentials or persistent install that would increase risk.
