ClawHub

Ravi vault

v1.6.0

Store and retrieve key-value secrets — E2E encrypted vault for API keys and env vars. Do NOT use for website passwords (use ravi-passwords) or reading messag...

0· 311·0 current·0 all-time
byRaunak Singwi@raunaksingwi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md expects a 'ravi' CLI to be present and shows examples using jq/curl, but the skill metadata lists no required binaries and provides no install mechanism. Asking agents to store and retrieve API keys is coherent with a vault, but assuming an unprovided CLI is inconsistent.
!
Instruction Scope
Instructions explicitly show retrieving secrets and using them in outbound calls (curl). The document does not explain how the agent authenticates to the vault, how identities are provisioned, or where the backend is hosted. Examples demonstrate exfiltration-capable workflows (pull secret → call external API) which is expected for a vault but raises risk when combined with absent auth/install details.
Install Mechanism
This is instruction-only (no install spec and no code). That minimizes on-disk footprint but also leaves unanswered how to obtain the 'ravi' CLI. Lack of an install/source/homepage means users may have to fetch the CLI themselves — a potential risk if they pick an untrusted binary.
!
Credentials
The skill requests no environment variables or credentials in metadata, yet the examples store highly sensitive secrets (OPENAI_API_KEY, GITHUB_TOKEN) and show them being retrieved into env vars and used. The SKILL.md also states keys are stored in plaintext for lookup (only values are encrypted), which is a relevant privacy/security property that users must accept; the lack of declared auth credentials or access controls is a gap.
Persistence & Privilege
always:false and standard agent invocation are used. The skill does not request elevated or persistent platform privileges in the metadata.
What to consider before installing
This skill could be legitimate, but there are worrying gaps. Before installing, verify the origin of the 'ravi' CLI (official homepage/repo or signed releases), confirm how agents authenticate to the vault (what identity maps to stored keys), and review who can list keys (keys are plaintext). Prefer skills that provide an install spec or a trusted source and clear auth instructions. Treat any retrieved secret as exfiltrable — only enable this skill for agents you trust, and test in a sandboxed environment first. If you cannot verify the CLI/source or the authentication model, decline or mark as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk9729ex885eqd5vkmgvv360fas8211pg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments