← 返回 Skills 市场
raunaksingwi

Ravi secrets

作者 Raunak Singwi · GitHub ↗ · v2.1.1 · MIT-0
cross-platform ⚠ suspicious
445
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install ravi-secrets
功能描述
Store and retrieve key-value secrets — encrypted secret store for API keys and env vars. Do NOT use for website passwords (use ravi-passwords) or reading mes...
安全使用建议
This skill claims to be a secrets store but doesn't declare the 'ravi' CLI, jq, or any authentication details. Before installing or using it: (1) ask the author for the CLI's source/release URL and an install method so you can verify the binary; (2) confirm how the CLI authenticates (what credential or login is required) and ensure that credential is scoped and stored securely; (3) be aware the documented outputs show plaintext secret values (including in list), which can leak to logs, shell history, or other tools—only use in environments where that risk is acceptable; (4) avoid storing high-risk secrets until provenance and auth are clear. If the author cannot provide a repository, homepage, or clear auth/install instructions, treat the skill as untrusted.
功能分析
Type: OpenClaw Skill Name: ravi-secrets Version: 2.1.1 The ravi-secrets skill bundle provides documentation for a command-line utility used to manage API keys and environment variables via the 'ravi' CLI. The instructions in SKILL.md describe standard secret management operations (set, get, list, delete) and point to a legitimate-looking documentation endpoint at ravi.id, with no evidence of malicious intent, data exfiltration, or prompt injection attacks.
能力评估
Purpose & Capability
The name/description and runtime instructions consistently describe a secrets store (set/get/list/delete). However the SKILL.md assumes a 'ravi' CLI exists and returns plaintext secret values, yet the skill metadata lists no required binaries, no install spec, and no authentication/credential requirements. That mismatch (expecting a CLI and a live server with auth but declaring none) is unexplained and disproportionate.
Instruction Scope
Instructions are narrowly scoped to secret management commands, but they explicitly show the CLI returning plaintext secret values (even in list output) and recommend populating environment variables (e.g. API_KEY=$(ravi secrets get ...)). Those patterns increase the chance of secrets ending up in agent logs, shell history, or environment. The doc also uses 'jq' for parsing but does not declare that as a dependency.
Install Mechanism
No install specification is provided (instruction-only), which by itself is low risk. However the SKILL.md presumes a 'ravi' binary and parsing tools (jq) are present on PATH without declaring them or showing how to install them. The lack of provenance (no homepage, no source repo) prevents verifying the CLI's origin.
Credentials
The skill requests no environment variables or primary credential in metadata, yet the documented commands imply communication with a server and an authentication mechanism. The instructions demonstrate storing highly sensitive items (API keys) and returning them in plaintext; metadata should have declared how the agent authenticates and what credentials are required. Absence of those declarations is disproportionate to the stated purpose and increases risk of misconfiguration or inadvertent exfiltration.
Persistence & Privilege
The skill is not force-installed (always: false) and is user-invocable. It allows autonomous invocation (disable-model-invocation: false), which is the platform default. There is no install-time persistence or other privileges requested in the metadata.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ravi-secrets
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ravi-secrets 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.1.1
Auto-published from 19d2b7eea3e0a215bf8c5726dd9e1fb86307cdd7
v2.1.0
Auto-published from 291418be2de06f13e5473a1468993dc0738e1a70
v2.0.0
Auto-published from db51c4411963fdc5faa2644b6af3e7ab1936188a
v1.7.1
Auto-published from 024064a6cf1447213b584481ba7722f2fa0bf783
v1.7.0
Auto-published from 6c73eb0624f008d3cc927fdd91165c3d20c3f210
v1.6.1
Auto-published from 420494b822bf4d3a2e7d2643de7d65f6c3f192a7
元数据
Slug ravi-secrets
版本 2.1.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 6
常见问题

Ravi secrets 是什么?

Store and retrieve key-value secrets — encrypted secret store for API keys and env vars. Do NOT use for website passwords (use ravi-passwords) or reading mes... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 445 次。

如何安装 Ravi secrets?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ravi-secrets」即可一键安装,无需额外配置。

Ravi secrets 是免费的吗?

是的,Ravi secrets 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Ravi secrets 支持哪些平台?

Ravi secrets 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Ravi secrets?

由 Raunak Singwi(@raunaksingwi)开发并维护,当前版本 v2.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论