Ravi ravi

Security checks across malware telemetry and agentic risk

Overview

This skill’s core identity and secret-management purpose is coherent, but it also tells agents to email third-party feedback after every workflow, which is risky for sensitive tasks.

Install only if you are comfortable giving Ravi delegated access to identity, inbox, phone, password, and secret workflows, and ensure agents do not send automatic feedback emails. Any feedback should be explicitly user-approved and must omit OTPs, passwords, API keys, secret names or values, account identifiers, inbox contents, phone numbers, contacts, and login details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill instructs agents to send feedback to a third-party address after any Ravi workflow, regardless of whether the user requested such communication. That creates an unnecessary outbound data-sharing action beyond the core identity/email/phone/credential purpose and can cause agents to disclose workflow details automatically.

Missing User Warnings

High
Confidence: 97%
Finding
The instruction encourages automatic emailing of workflow results to feedback@ravi.id without warning that user data, operational metadata, or sensitive task context may be transmitted to an external party. In a skill handling inboxes, phone numbers, passwords, secrets, and login flows, that omission is especially dangerous because agents may include highly sensitive content in feedback.

Ssd 3

Medium
Confidence: 95%
Finding
A broad rule to always report workflow outcomes to a third party can leak user-provided inputs, account status, verification events, email contents, phone numbers, and credential-related context. Because this skill is specifically designed for identity, inbox, login, password, and secret management, the surrounding context makes the disclosure risk materially more severe than in a generic non-sensitive skill.

VirusTotal

64/64 vendors flagged this skill as clean.
