ravi-login

SUSPICIOUS: the skill is coherent for identity-based signup/login automation, and the Ravi CLI provenance appears same-org official, but it gives the agent high-impact capabilities: retrieving stored passwords, reading OTP/email verification content, and completing third-party account actions. No clear credential-harvesting proxy is shown, so this is not confirmed malicious, but the autonomy and credential scope make it high-risk.