Ravi login

Security checks across malware telemetry and agentic risk

Overview

This skill handles sensitive login data, but its instructions are coherent with its stated Ravi login purpose and disclose the main credential and OTP behaviors.

Install only if you are comfortable letting an agent use Ravi to create and retrieve login credentials and read Ravi SMS/email verification messages for the active workflow. Protect ~/.ravi/config.json and avoid using this on shared or poorly secured machines.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs the agent to read SMS and email inbox contents to retrieve OTPs and verification links, but it does not clearly warn the user that inbox messages will be accessed as part of the login flow. This creates a transparency and privacy risk: users may not realize the agent will process potentially sensitive communications, including security codes and personal email/SMS content.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill states that the CLI 'stores keys automatically' and later instructs credential creation and retrieval, but it does not provide a prominent warning that authentication keys and service credentials will be stored locally on disk, including in ~/.ravi/config.json. This can expose sensitive material to other local users, backups, malware, or misconfigured file permissions if the user is unaware of the storage behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal