reah

Retrieve masked card info from Reah using an access key. Handles session generation, secure fetch, and decryption for agents automatically.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "reah" with this command: npx skills add axelzou/reah-agent-card

Reah Skill

This skill is organized by modules.

Modules

reah_card

Handle Reah card key flow for agents.reah.com.

This module handles two tasks.

Task 1: Ask for access key

If user did not provide an access key, ask user with this exact message:

To continue, I need your Reah card access key.

You can get it from agents.reah.com:
- Open your card
- Click "Generate agent key"

Paste it here and I'll securely fetch your card details.

If the workflow uses REAH_AGENT_KEYS from environment:

  • MUST ask for manual confirmation before each key read, even within the same conversation.
  • MUST NOT reuse prior confirmation.
  • Use this exact confirmation message:
I can read the access key from REAH_AGENT_KEYS for this request.

Please confirm I should proceed with this key read now.
  • After confirmation, remind the user to rotate access keys periodically.

Do not proceed to Task 2 before key is provided or key-read confirmation is granted.

Task 2: Get and decrypt card info

Example script (reference only)

Use the example script below as reference for the full process:

node {baseDir}/scripts/get-card-info-example.mjs \
  --access-key "<accessKey>"

This script includes all steps in one place:

  • generate sessionId / secretKey
  • request individualCardByAccessKey(accessKey, sessionId) from https://agents.reah.com/graphql
  • decrypt encryptedPan and encryptedCvc

This script is for reference only. It intentionally ends after decryption and does not output raw pan/cvv.

Script Files
  • {baseDir}/scripts/get-card-info-example.mjs
Security Constraints
  • MUST use only the default Reah GraphQL endpoint: https://agents.reah.com/graphql.
  • MUST NOT allow endpoint override.
  • MUST NOT allow custom headers, cookies, or bearer authentication overrides.
  • MUST NOT send card data to any external endpoint.
  • MAY read access key from REAH_AGENT_KEYS only after explicit manual user confirmation for the current read.
  • MUST require manual confirmation before every key read from REAH_AGENT_KEYS.
  • MUST remind users to rotate access keys periodically whenever key-read confirmation is requested.
  • MUST NOT expose full access key in any user-facing response.
  • MUST NOT expose raw secretKey in any user-facing response.
  • MUST NOT return raw card info in any user-facing response. Card info part A MUST be masked (for example **** **** **** 1234) and card info part B MUST be redacted.
Error Handling
  • If access key is invalid, ask user to regenerate a new agent key and retry.
  • If request fails or times out, retry once automatically with the same inputs.
  • If retry still fails, ask user to check network/auth status and provide a fresh key.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

Notion

Notion integration. Manage project management and document management data, records, and workflows. Use when the user wants to interact with Notion data.

Registry SourceRecently Updated
930membranedev
Automation

Mailchimp

Mailchimp integration. Manage marketing automation data, records, and workflows. Use when the user wants to interact with Mailchimp data.

Registry SourceRecently Updated
1050membranedev
Automation

Keap

Keap integration. Manage crm and marketing automation and sales data, records, and workflows. Use when the user wants to interact with Keap data.

Registry SourceRecently Updated
1010membranedev
Automation

Spikecv Helper

Help AI Agents answer questions and execute tasks for SpikeCV, an ultra-high-speed spike camera vision framework. Use when the user asks about spike cameras,...

Registry SourceRecently Updated
802lhs183019