Skill v2.1.1
ClawScan security
Ravi sso · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Apr 8, 2026, 5:47 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are simple and plausible for issuing short-lived SSO tokens, but the SKILL.md requires a local 'ravi' CLI and an active account/subscription while the skill metadata declares no required binaries or credentials — an inconsistency you should verify before installing.
- Guidance: Before installing or enabling this skill, verify these items:
  1. Ensure the 'ravi' CLI is available in the agent's runtime environment (SKILL.md expects 'ravi sso token'), or update the skill metadata to declare that dependency; otherwise the skill will fail.
  2. Confirm the agent has an active Ravi login/session and subscription as required by the CLI; the skill does not declare the credentials it may need.
  3. Treat the returned token as sensitive: it is short-lived, but it can be used to impersonate your identity to third parties.
  4. If you plan to allow autonomous agent invocation, consider whether the agent should be allowed to call the CLI without explicit user confirmation (the SKILL.md does not mandate interactive confirmation).
  If anything above is unclear, ask the skill author to (a) declare required binaries and auth prerequisites in the metadata and (b) make explicit any authentication steps the agent must perform before calling 'ravi sso token'.
Review Dimensions
- Purpose & Capability
  - concern: The skill claims to produce short-lived Ravi SSO tokens (coherent with its name). However, the runtime instructions explicitly run the 'ravi sso token' CLI command, yet the skill metadata lists no required binaries. That mismatch (the instructions need a local 'ravi' binary but the manifest doesn't declare it) is an incoherence in purpose-capability mapping and may lead to runtime failures or surprising behavior.
- Instruction Scope
  - note: SKILL.md is narrowly scoped: it tells the agent to run 'ravi sso token' and pass the returned token to third parties. It does not instruct the agent to read unrelated files or environment variables, or to call other endpoints. One omission: it doesn't state the authentication step (ravi-login) or how the agent should ensure it has an active subscription — those operational prerequisites are mentioned but not prescriptive, which could lead to unexpected errors if the agent attempts to invoke the skill without prior login.
- Install Mechanism
  - ok: This is an instruction-only skill with no install spec and no code files, so nothing will be downloaded or written to disk during install — low install mechanism risk.
- Credentials
  - note: The skill declares no required environment variables or credentials, which is reasonable for an instruction-only wrapper around a local CLI. However, the documentation references requirements that imply the user must be authenticated and subscribed; those prerequisites are not captured in requires.env or the primary credential fields. If the CLI requires credentials (login session, tokens, or payment), they are not declared in the metadata.
- Persistence & Privilege
  - ok: The skill is not always-enabled and is user-invocable. It does not request persistent system presence or elevated privileges in its metadata or instructions.
