Skill v2.1.1
ClawScan security
Ravi inbox · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 8, 2026, 5:46 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's purpose (reading your Ravi inbox) is coherent, but the runtime instructions rely on command-line tools (notably the 'ravi' CLI and common Unix utilities) that are not declared — an inconsistency worth verifying before install.
- Guidance
- This skill appears to do what it says — read SMS/email from a Ravi identity — but before installing: (1) confirm the 'ravi' CLI is actually present and trusted on the agent environment (SKILL.md calls 'ravi inbox' but the skill metadata doesn't declare that binary); (2) confirm availability of required shell tools used in examples (jq, grep, sleep) or that the agent will provide equivalent parsing; (3) understand how the agent gets authenticated to your Ravi account (the skill doesn't declare what credential it will use); and (4) remember this skill reads highly sensitive data (OTPs/verification links). If you can't confirm the CLI/auth method and trustworthiness of the Ravi tooling, consider asking the publisher for an install/auth guide or withholding sensitive credentials.
Review Dimensions
- Purpose & Capability
- note: The skill's stated purpose (read SMS/email for OTPs and verification links) matches the instructions, which call a Ravi CLI to list and view inbox items. However, the SKILL.md expects a 'ravi' CLI to exist; the skill metadata does not declare any required binaries or credentials. That mismatch (instructions needing a CLI but none declared) is an incoherence.
- Instruction Scope
- note: Instructions are narrowly scoped to listing and viewing SMS/email via 'ravi inbox' and to small parsing recipes using jq/grep/sleep. They do not tell the agent to read unrelated files or environment variables. Still, the examples assume availability of 'jq', 'grep', and 'sleep' and run shell pipelines — these dependencies are not declared.
- Install Mechanism
- ok: There is no install spec and no code files (instruction-only), so nothing is written to disk by the skill itself. This is lower-risk from an installation perspective.
- Credentials
- note: The skill does not request environment variables or credentials in the metadata. That is consistent with an instruction-only skill, but reading inbox content is sensitive (OTPs/verification links). The SKILL.md implicitly requires that the agent environment has authenticated access to the user's Ravi identity (via the 'ravi' CLI), yet no primary credential or auth guidance is declared.
- Persistence & Privilege
- ok: The skill is not always-enabled and does not request persistent presence or special privileges in its metadata. It does not modify other skills or system configurations.
