ravi

SUSPICIOUS. The skill is internally coherent for an agent identity provider, and the install path appears same-org and publicly sourced, so this is not confirmed malware. However, it centralizes highly sensitive data and real-world communication actions, stores auth keys locally, forwards third-party secrets into Ravi, and instructs routine feedback emails that may leak workflow details; this makes the overall security exposure medium-high even though the purpose matches the capabilities.