← Back to Skills Marketplace
axelzou

Reah Skill: Agent Card

by axelzou · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
148
Downloads
1
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install reah-agent-card
Description
Retrieve masked card info from Reah using an access key. Handles session generation, secure fetch, and decryption for agents automatically.
Usage Guidance
This skill appears to implement the described Reah card access flow and keeps network activity constrained to agents.reah.com, but there are a few things to verify before installing: - Confirm provenance: the registry lists the source as unknown and SKILL.md/README point to a GitHub install; verify the skill's origin (official Reah repo) before adding it to an agent that will handle card keys. - Metadata mismatch: SKILL.md requires REAH_AGENT_KEYS but the registry metadata you saw did not declare this — ask the publisher to correct the manifest so required env vars are explicit. - Review the confirmation flow: SKILL.md requires an explicit per-read confirmation for REAH_AGENT_KEYS. Ensure your agent platform actually prompts and prevents silent env reads. - Least privilege: store REAH_AGENT_KEYS only where necessary, rotate keys regularly as advised, and prefer short-lived keys if Reah supports them. - Code audit: the included Node example decrypts sensitive material in memory (but doesn't print it). If you plan to enable autonomous use, audit how the agent will use decrypted values and ensure it will only return masked/redacted card parts as specified. If you cannot verify the skill's source or guarantee the per-read confirmation behavior, treat this skill as higher risk and avoid installing it in environments with real card keys.
Capability Analysis
Type: OpenClaw Skill Name: reah-agent-card Version: 1.0.3 The skill bundle is a legitimate integration for the Reah platform, allowing an AI agent to securely retrieve virtual card information. It features robust security controls, including mandatory manual user confirmation for every access key read, strict masking/redaction requirements for card data in user-facing responses, and a hardcoded GraphQL endpoint (https://agents.reah.com/graphql) to prevent redirection. The accompanying Node.js script (get-card-info-example.mjs) implements a secure end-to-end encryption flow using RSA-OAEP for session establishment and AES-GCM for data decryption, with no evidence of unauthorized data exfiltration or malicious intent.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
The skill claims to retrieve masked card info from Reah and the included Node example implements a GraphQL call to https://agents.reah.com/graphql and local decryption — this is coherent with the description. However the package/registry metadata provided to the evaluator omits the REAH_AGENT_KEYS env var that the SKILL.md and README clearly require, creating an inconsistency between declared requirements and the runtime instructions.
Instruction Scope
SKILL.md limits network calls to the single Reah GraphQL endpoint, requires explicit user confirmation before reading REAH_AGENT_KEYS, and mandates masking/no-export of raw PAN/CVC. The example Node script enforces endpoint immutability and does the decryption locally. That scope is appropriate for the stated goal. Caveat: the example decrypts values in memory but does not show or save them — enforcement of masking/never-exposing card data is purely procedural (instructions), not enforced across the skill surface.
Install Mechanism
This is an instruction-only skill with an included reference script; there is no install spec that downloads remote artifacts. README suggests an npx install from a GitHub repo, but no install spec in the registry package. No remote download URLs or installers were found in the provided files.
Credentials
The skill expects sensitive REAH_AGENT_KEYS to be available (and the SKILL.md metadata lists REAH_AGENT_KEYS). That is proportionate to the function, but the registry metadata earlier reported 'Required env vars: none' — this mismatch is concerning. Also the README instructs adding a JSON mapping to REAH_AGENT_KEYS in agent env. Ensure the skill will only read keys after explicit per-read confirmation as required by SKILL.md and that the agent/platform enforces that confirmation flow rather than silently reading environment variables.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and has normal invocation privileges. Nothing requests elevated or permanent system presence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install reah-agent-card
  3. After installation, invoke the skill by name or use /reah-agent-card
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Added support for secure environment variable access for Reah agent keys.
v1.0.2
- License file added.
v1.0.1
- Replaces previous PAN/CVV retrieval scripts with new "get-card-info" flow. - Adds stricter security: endpoint is hardcoded, no auth/cookie/header overrides allowed. - Updates script and filenames to use "card info" terminology (get-card-info.mjs, etc). - User-facing output now always masks part A of card info and redacts part B. - Documentation (SKILL.md) reflects new command, output format, and security rules.
v1.0.0
Initial release of Reah Skill - Secure retrieval of card PAN and CVV using access key - Automatic session generation and encryption handling - Integrated with Reah GraphQL API - CLI tools for agent-based workflows
Metadata
Slug reah-agent-card
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Reah Skill: Agent Card?

Retrieve masked card info from Reah using an access key. Handles session generation, secure fetch, and decryption for agents automatically. It is an AI Agent Skill for Claude Code / OpenClaw, with 148 downloads so far.

How do I install Reah Skill: Agent Card?

Run "/install reah-agent-card" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Reah Skill: Agent Card free?

Yes, Reah Skill: Agent Card is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Reah Skill: Agent Card support?

Reah Skill: Agent Card is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Reah Skill: Agent Card?

It is built and maintained by axelzou (@axelzou); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments