Ravi vault
by Raunak Singwi · GitHub · v1.6.0
346 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install ravi-vault
Description
Store and retrieve key-value secrets — E2E encrypted vault for API keys and env vars. Do NOT use for website passwords (use ravi-passwords) or reading messag...
Usage Guidance
This skill could be legitimate, but there are worrying gaps. Before installing, verify the origin of the 'ravi' CLI (official homepage/repo or signed releases), confirm how agents authenticate to the vault (what identity maps to stored keys), and review who can list keys (keys are plaintext). Prefer skills that provide an install spec or a trusted source and clear auth instructions. Treat any retrieved secret as exfiltrable — only enable this skill for agents you trust, and test in a sandboxed environment first. If you cannot verify the CLI/source or the authentication model, decline or mark as untrusted.
Capability Analysis
Type: OpenClaw Skill
Name: ravi-vault
Version: 1.6.0
The OpenClaw AgentSkills bundle 'ravi-vault' appears to be a legitimate utility for storing and retrieving E2E encrypted key-value secrets. The `SKILL.md` file provides clear documentation and examples for using the `ravi` CLI tool for secret management (set, get, list, delete). There is no evidence of malicious prompt injection attempts against the AI agent, nor any indicators of data exfiltration, unauthorized execution, persistence mechanisms, or obfuscation. The `curl` example demonstrates legitimate usage of retrieved API keys with `api.openai.com`, which aligns with the skill's stated purpose.
Capability Assessment
Purpose & Capability
The SKILL.md expects a 'ravi' CLI to be present and shows examples using jq/curl, but the skill metadata lists no required binaries and provides no install mechanism. Asking agents to store and retrieve API keys is coherent with a vault, but assuming an unprovided CLI is inconsistent.
Instruction Scope
Instructions explicitly show retrieving secrets and using them in outbound calls (curl). The document does not explain how the agent authenticates to the vault, how identities are provisioned, or where the backend is hosted. Examples demonstrate exfiltration-capable workflows (pull secret → call external API) which is expected for a vault but raises risk when combined with absent auth/install details.
Install Mechanism
This is instruction-only (no install spec and no code). That minimizes on-disk footprint but also leaves unanswered how to obtain the 'ravi' CLI. Lack of an install/source/homepage means users may have to fetch the CLI themselves — a potential risk if they pick an untrusted binary.
Credentials
The skill requests no environment variables or credentials in metadata, yet the examples store highly sensitive secrets (OPENAI_API_KEY, GITHUB_TOKEN) and show them being retrieved into env vars and used. The SKILL.md also states keys are stored in plaintext for lookup (only values are encrypted), which is a relevant privacy/security property that users must accept; the lack of declared auth credentials or access controls is a gap.
Persistence & Privilege
always:false and standard agent invocation are used. The skill does not request elevated or persistent platform privileges in the metadata.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install ravi-vault
- After installation, invoke the skill by name or use /ravi-vault
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.6.0
Auto-published from 40db4ff85e7f7ab07528a537bc78bcc99350ac24
v1.5.1
Fix workflow, publish all skills
Frequently Asked Questions
What is Ravi vault?
Store and retrieve key-value secrets — E2E encrypted vault for API keys and env vars. Do NOT use for website passwords (use ravi-passwords) or reading messag... It is an AI Agent Skill for Claude Code / OpenClaw, with 346 downloads so far.
How do I install Ravi vault?
Run "/install ravi-vault" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Ravi vault free?
Yes, Ravi vault is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Ravi vault support?
Ravi vault is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Ravi vault?
It is built and maintained by Raunak Singwi (@raunaksingwi); the current version is v1.6.0.