← Back to Skills Marketplace
Ravi secrets
by
Raunak Singwi
· GitHub ↗
· v2.1.1
· MIT-0
445
Downloads
0
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install ravi-secrets
Description
Store and retrieve key-value secrets — encrypted secret store for API keys and env vars. Do NOT use for website passwords (use ravi-passwords) or reading mes...
Usage Guidance
This skill claims to be a secrets store but doesn't declare the 'ravi' CLI, jq, or any authentication details. Before installing or using it: (1) ask the author for the CLI's source/release URL and an install method so you can verify the binary; (2) confirm how the CLI authenticates (what credential or login is required) and ensure that credential is scoped and stored securely; (3) be aware the documented outputs show plaintext secret values (including in list), which can leak to logs, shell history, or other tools—only use in environments where that risk is acceptable; (4) avoid storing high-risk secrets until provenance and auth are clear. If the author cannot provide a repository, homepage, or clear auth/install instructions, treat the skill as untrusted.
Capability Analysis
Type: OpenClaw Skill
Name: ravi-secrets
Version: 2.1.1
The ravi-secrets skill bundle provides documentation for a command-line utility used to manage API keys and environment variables via the 'ravi' CLI. The instructions in SKILL.md describe standard secret management operations (set, get, list, delete) and point to a legitimate-looking documentation endpoint at ravi.id, with no evidence of malicious intent, data exfiltration, or prompt injection attacks.
Capability Assessment
Purpose & Capability
The name/description and runtime instructions consistently describe a secrets store (set/get/list/delete). However the SKILL.md assumes a 'ravi' CLI exists and returns plaintext secret values, yet the skill metadata lists no required binaries, no install spec, and no authentication/credential requirements. That mismatch (expecting a CLI and a live server with auth but declaring none) is unexplained and disproportionate.
Instruction Scope
Instructions are narrowly scoped to secret management commands, but they explicitly show the CLI returning plaintext secret values (even in list output) and recommend populating environment variables (e.g. API_KEY=$(ravi secrets get ...)). Those patterns increase the chance of secrets ending up in agent logs, shell history, or environment. The doc also uses 'jq' for parsing but does not declare that as a dependency.
Install Mechanism
No install specification is provided (instruction-only), which by itself is low risk. However the SKILL.md presumes a 'ravi' binary and parsing tools (jq) are present on PATH without declaring them or showing how to install them. The lack of provenance (no homepage, no source repo) prevents verifying the CLI's origin.
Credentials
The skill requests no environment variables or primary credential in metadata, yet the documented commands imply communication with a server and an authentication mechanism. The instructions demonstrate storing highly sensitive items (API keys) and returning them in plaintext; metadata should have declared how the agent authenticates and what credentials are required. Absence of those declarations is disproportionate to the stated purpose and increases risk of misconfiguration or inadvertent exfiltration.
Persistence & Privilege
The skill is not force-installed (always: false) and is user-invocable. It allows autonomous invocation (disable-model-invocation: false), which is the platform default. There is no install-time persistence or other privileges requested in the metadata.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ravi-secrets - After installation, invoke the skill by name or use
/ravi-secrets - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.1
Auto-published from 19d2b7eea3e0a215bf8c5726dd9e1fb86307cdd7
v2.1.0
Auto-published from 291418be2de06f13e5473a1468993dc0738e1a70
v2.0.0
Auto-published from db51c4411963fdc5faa2644b6af3e7ab1936188a
v1.7.1
Auto-published from 024064a6cf1447213b584481ba7722f2fa0bf783
v1.7.0
Auto-published from 6c73eb0624f008d3cc927fdd91165c3d20c3f210
v1.6.1
Auto-published from 420494b822bf4d3a2e7d2643de7d65f6c3f192a7
Metadata
Frequently Asked Questions
What is Ravi secrets?
Store and retrieve key-value secrets — encrypted secret store for API keys and env vars. Do NOT use for website passwords (use ravi-passwords) or reading mes... It is an AI Agent Skill for Claude Code / OpenClaw, with 445 downloads so far.
How do I install Ravi secrets?
Run "/install ravi-secrets" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Ravi secrets free?
Yes, Ravi secrets is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Ravi secrets support?
Ravi secrets is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Ravi secrets?
It is built and maintained by Raunak Singwi (@raunaksingwi); the current version is v2.1.1.
More Skills