Ravi identity
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherently focused on Ravi identity lookup and identity management, but users should understand it can expose email/phone/owner identity details and create or switch persistent identities.
Before installing, make sure you want your agent to access Ravi identity details and manage Ravi identities. Confirm any identity creation or switching explicitly, and verify that the `ravi` CLI in your environment is trusted.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may see and use the Ravi identity's email address, phone number, and owner information.
The skill can retrieve Ravi email, phone, and owner identity information. This is purpose-aligned, but it is still sensitive account identity data.
# Get your email address (use this for signups) ravi get email # Get your phone number (use this for SMS verification) ravi get phone # Get account owner info ravi get owner
Install only if you want the agent to access these Ravi identity details, and avoid sharing the retrieved information unnecessarily.
If used, the agent can create a permanent Ravi identity or switch which identity is active, which may affect future signups and account context.
The skill documents commands that mutate account identity state by creating or switching identities. It includes a clear consent guard for creation and warns about paid-plan requirements.
Only create a new identity when the user explicitly asks for one ... New identities require a paid plan. ravi identity create ... ravi identity use <uuid>
Confirm with the user before creating or switching identities, especially because identities are described as permanent and creation may require a paid plan.
The skill will only work in an environment where the expected Ravi CLI and authentication are already available.
The package metadata does not declare or install the `ravi` CLI that the SKILL.md commands rely on. This is a setup/provenance gap, not evidence of hidden code.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Verify the installed `ravi` CLI comes from a trusted Ravi source before using the skill.
The agent may use realistic generated identity details in forms or signups, which could be inappropriate for some services or contexts.
The skill encourages generated identity names that look like real people. This is disclosed and tied to the stated identity-management purpose, but it could be misleading if used where a real human identity is expected.
# Auto-generated name and email (recommended — looks like a real person) ravi identity create
Use generated identities only where pseudonymous or agent identities are allowed, and do not use them to impersonate a real person.