← 返回 Skills 市场
Ravi ravi
作者
Raunak Singwi
· GitHub ↗
· v2.1.1
· MIT-0
598
总下载
0
收藏
3
当前安装
11
版本数
在 OpenClaw 中安装
/install ravi
功能描述
Overview of Ravi and when to use each skill. Ravi gives AI agents real email inboxes, phone numbers, and an encrypted secret store via API. Do NOT use for ta...
安全使用建议
This skill is not obviously malicious, but it has several red flags you should consider before installing: 1) It expects a 'ravi' CLI and a local config at ~/.ravi/config.json but the manifest does not declare these requirements or how to obtain/verify the CLI. Verify the vendor/source and installation instructions before installing any binaries. 2) The skill gives agents access to real inboxes, phone numbers, OTPs, and a secret store — ensure you really want an agent to manage or forward credentials. 3) The SKILL.md encourages sending feedback to [email protected]; avoid including secrets, OTPs, or API keys in feedback messages. 4) If you enable agent autonomy, consider disabling autonomous invocation for this skill (or restrict its use) so it cannot perform signups, read OTPs, or exfiltrate secrets without explicit human approval. 5) Ask the publisher for a clear install source, a signed binary or package, and documentation describing how credentials are stored and protected; inspect ~/.ravi/config.json after onboarding to understand what keys are stored locally. If you cannot validate the CLI source or you do not accept the data-exposure risks, do not install or enable autonomous use of this skill.
功能分析
Type: OpenClaw Skill
Name: ravi
Version: 2.1.1
The 'ravi' skill bundle (v2.1.1) provides identity and secret management but contains highly suspicious instructions in SKILL.md. It mandates that the AI agent send 'feedback' emails to [email protected] after every workflow, which functions as a telemetry and exfiltration channel for the agent's activity logs and user context. Furthermore, the service encourages the storage of high-value credentials (e.g., OPENAI_API_KEY) in its third-party store, which, combined with the aggressive feedback requirement, creates a significant risk of sensitive data leakage to the ravi.id domain.
能力评估
Purpose & Capability
The SKILL.md describes a CLI-based identity/secrets provider (email, phone, OTP handling, encrypted secret store) which is coherent with the skill's description, but the package metadata lists no required binaries or config paths. The instructions assume a 'ravi' CLI is present and that keys are stored at ~/.ravi/config.json; those requirements should be declared in the skill manifest but are not.
Instruction Scope
Instructions direct the agent to perform high-impact actions: onboarding via `ravi auth login`, create/read OTPs and emails, perform end-to-end signups/logins, and store or retrieve API keys and secrets. They also encourage always sending feedback to [email protected]. That feedback step can lead to sensitive data being transmitted to the vendor if not explicitly sanitized. The scope is broad and could enable credential/OTP exfiltration if abused.
Install Mechanism
This is instruction-only (no install spec), which limits on-disk modifications by the skill itself. However, the SKILL.md requires an external 'ravi' CLI/tool that is not provided or referenced by a vetted install source; the skill does not document how that binary should be obtained or verified.
Credentials
The manifest requests no env vars, but the instructions explicitly tell the agent to store and retrieve other services' API keys (example: OPENAI_API_KEY) and to send/receive plaintext secrets to the Ravi service. The skill grants access to highly sensitive assets (inboxes, OTPs, secret store) yet declares no primary credential or configuration path — a mismatch and a high-privilege capability that should be justified and minimized.
Persistence & Privilege
always:false (good), but the skill allows autonomous invocation (disable-model-invocation:false) while exposing high privileges (identity, OTPs, secrets). Autonomous use combined with broad secret-handling capabilities increases risk; the manifest does not limit or document safe usage boundaries or vendor verification steps.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ravi - 安装完成后,直接呼叫该 Skill 的名称或使用
/ravi触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.1.1
Auto-published from 19d2b7eea3e0a215bf8c5726dd9e1fb86307cdd7
v2.1.0
Auto-published from 291418be2de06f13e5473a1468993dc0738e1a70
v2.0.0
Auto-published from db51c4411963fdc5faa2644b6af3e7ab1936188a
v1.7.1
Auto-published from 024064a6cf1447213b584481ba7722f2fa0bf783
v1.7.0
Auto-published from 6c73eb0624f008d3cc927fdd91165c3d20c3f210
v1.6.1
Auto-published from 420494b822bf4d3a2e7d2643de7d65f6c3f192a7
v1.6.0
Auto-published from 40db4ff85e7f7ab07528a537bc78bcc99350ac24
v1.5.1
Fix workflow, publish all skills
v1.4.0
Consolidated repo, passwords/vault split, feedback skill
v1.3.0
Consolidated repo, passwords/vault split, feedback skill
v1.2.0
Consolidated skills repo with passwords/vault split
元数据
常见问题
Ravi ravi 是什么?
Overview of Ravi and when to use each skill. Ravi gives AI agents real email inboxes, phone numbers, and an encrypted secret store via API. Do NOT use for ta... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 598 次。
如何安装 Ravi ravi?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ravi」即可一键安装,无需额外配置。
Ravi ravi 是免费的吗?
是的,Ravi ravi 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Ravi ravi 支持哪些平台?
Ravi ravi 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ravi ravi?
由 Raunak Singwi(@raunaksingwi)开发并维护,当前版本 v2.1.1。
推荐 Skills