Ravi inbox
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is clearly meant to read Ravi inbox messages, but it gives an agent broad access to sensitive OTPs and verification links with limited declared scoping.
Review before installing. The provided artifacts do not show this skill to be malicious, but it can expose OTPs, verification links, and inbox content to the agent. Only use it with a trusted Ravi CLI/account, and instruct the agent to access a specific expected message rather than browsing the inbox broadly.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused, the agent could read login codes or verification links that may unlock other accounts tied to the Ravi inbox.
This explicitly gives the agent access to authentication factors and account-message content. The artifacts do not add a narrow approval gate or limit access to a specific expected sender, thread, or verification.
Read incoming SMS or email messages — OTPs, verification codes, verification links, incoming mail.
Install only if you trust the agent with OTPs and inbox content. Ask it to read only a specific expected sender or thread, and avoid using it for sensitive accounts unless you explicitly approve the action.
Sensitive messages, codes, and links may appear in the chat or agent context while the task is being completed.
The documented outputs place SMS codes and verification-token URLs into the agent context. This is purpose-aligned, but the content is sensitive and should not be retained or reused beyond the immediate task.
"body": "Your code is 847291" ... "text_content": "Click here to verify: https://example.com/verify?token=xyz"
Treat retrieved messages as sensitive. Do not store, summarize, or share OTPs and verification links unless the user specifically asks.
The safety of actual execution depends on the local or preinstalled Ravi CLI, which was not included in the reviewed artifacts.
The skill relies on a `ravi` command, while the supplied metadata says there is no install spec and no required binaries. The reviewed artifacts therefore do not show the provenance or behavior of the CLI being invoked.
ravi inbox sms ... ravi inbox email <thread_id>
Use only a trusted Ravi CLI installation and verify which account it is logged into before allowing the agent to retrieve inbox messages.
