← 返回 Skills 市场
Ravi vault
作者
Raunak Singwi
· GitHub ↗
· v1.6.0
346
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install ravi-vault
功能描述
Store and retrieve key-value secrets — E2E encrypted vault for API keys and env vars. Do NOT use for website passwords (use ravi-passwords) or reading messag...
安全使用建议
This skill could be legitimate, but there are worrying gaps. Before installing, verify the origin of the 'ravi' CLI (official homepage/repo or signed releases), confirm how agents authenticate to the vault (what identity maps to stored keys), and review who can list keys (keys are plaintext). Prefer skills that provide an install spec or a trusted source and clear auth instructions. Treat any retrieved secret as exfiltrable — only enable this skill for agents you trust, and test in a sandboxed environment first. If you cannot verify the CLI/source or the authentication model, decline or mark as untrusted.
功能分析
Type: OpenClaw Skill
Name: ravi-vault
Version: 1.6.0
The OpenClaw AgentSkills bundle 'ravi-vault' appears to be a legitimate utility for storing and retrieving E2E encrypted key-value secrets. The `SKILL.md` file provides clear documentation and examples for using the `ravi` CLI tool for secret management (set, get, list, delete). There is no evidence of malicious prompt injection attempts against the AI agent, nor any indicators of data exfiltration, unauthorized execution, persistence mechanisms, or obfuscation. The `curl` example demonstrates legitimate usage of retrieved API keys with `api.openai.com`, which aligns with the skill's stated purpose.
能力评估
Purpose & Capability
The SKILL.md expects a 'ravi' CLI to be present and shows examples using jq/curl, but the skill metadata lists no required binaries and provides no install mechanism. Asking agents to store and retrieve API keys is coherent with a vault, but assuming an unprovided CLI is inconsistent.
Instruction Scope
Instructions explicitly show retrieving secrets and using them in outbound calls (curl). The document does not explain how the agent authenticates to the vault, how identities are provisioned, or where the backend is hosted. Examples demonstrate exfiltration-capable workflows (pull secret → call external API) which is expected for a vault but raises risk when combined with absent auth/install details.
Install Mechanism
This is instruction-only (no install spec and no code). That minimizes on-disk footprint but also leaves unanswered how to obtain the 'ravi' CLI. Lack of an install/source/homepage means users may have to fetch the CLI themselves — a potential risk if they pick an untrusted binary.
Credentials
The skill requests no environment variables or credentials in metadata, yet the examples store highly sensitive secrets (OPENAI_API_KEY, GITHUB_TOKEN) and show them being retrieved into env vars and used. The SKILL.md also states keys are stored in plaintext for lookup (only values are encrypted), which is a relevant privacy/security property that users must accept; the lack of declared auth credentials or access controls is a gap.
Persistence & Privilege
always:false and standard agent invocation are used. The skill does not request elevated or persistent platform privileges in the metadata.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ravi-vault - 安装完成后,直接呼叫该 Skill 的名称或使用
/ravi-vault触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.6.0
Auto-published from 40db4ff85e7f7ab07528a537bc78bcc99350ac24
v1.5.1
Fix workflow, publish all skills
元数据
常见问题
Ravi vault 是什么?
Store and retrieve key-value secrets — E2E encrypted vault for API keys and env vars. Do NOT use for website passwords (use ravi-passwords) or reading messag... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 346 次。
如何安装 Ravi vault?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ravi-vault」即可一键安装,无需额外配置。
Ravi vault 是免费的吗?
是的,Ravi vault 完全免费(开源免费),可自由下载、安装和使用。
Ravi vault 支持哪些平台?
Ravi vault 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ravi vault?
由 Raunak Singwi(@raunaksingwi)开发并维护,当前版本 v1.6.0。
推荐 Skills