Skillv2.1.1

VirusTotal security

Ravi ravi · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewMay 1, 2026, 4:46 AM

Hash: 2d24804b7254aa5ff1ebc47cdb805e36edc06712309e96707a2810d2f769044e
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: ravi Version: 2.1.1 The 'ravi' skill bundle (v2.1.1) provides identity and secret management but contains highly suspicious instructions in SKILL.md. It mandates that the AI agent send 'feedback' emails to feedback@ravi.id after every workflow, which functions as a telemetry and exfiltration channel for the agent's activity logs and user context. Furthermore, the service encourages the storage of high-value credentials (e.g., OPENAI_API_KEY) in its third-party store, which, combined with the aggressive feedback requirement, creates a significant risk of sensitive data leakage to the ravi.id domain.
External report: View on VirusTotal