Skill

reah

Retrieve masked card info from Reah using an access key. Handles session generation, secure fetch, and decryption for agents automatically.

Popularity

Stars

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/reah:reah

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

This skill is organized by modules.

Supporting Files

scripts/get-card-info-example.mjs

SKILL.md

92 lines · ~765 tokens

Stats

LanguageJavaScript

Stars1

MaintenanceExcellent

Last CommitApr 14, 2026

Actions

View Source View Plugin View on GitHub View README

Stats

Actions

Reah Skill

This skill is organized by modules.

Modules

`reah_card`

Handle Reah card key flow for agents.reah.com.

This module handles two tasks.

Task 1: Ask for access key

If user did not provide an access key, ask user with this exact message:

To continue, I need your Reah card access key.

You can get it from agents.reah.com:
- Open your card
- Click "Generate agent key"

Paste it here and I'll securely fetch your card details.

If the workflow uses REAH_AGENT_KEYS from environment:

MUST ask for manual confirmation before each key read, even within the same conversation.
MUST NOT reuse prior confirmation.
Use this exact confirmation message:

I can read the access key from REAH_AGENT_KEYS for this request.

Please confirm I should proceed with this key read now.

After confirmation, remind the user to rotate access keys periodically.

Do not proceed to Task 2 before key is provided or key-read confirmation is granted.

Task 2: Get and decrypt card info

Example script (reference only)

Use the example script below as reference for the full process:

node {baseDir}/scripts/get-card-info-example.mjs \
  --access-key "<accessKey>"

This script includes all steps in one place:

generate sessionId / secretKey
request individualCardByAccessKey(accessKey, sessionId) from https://agents.reah.com/graphql
decrypt encryptedPan and encryptedCvc

This script is for reference only. It intentionally ends after decryption and does not output raw pan/cvv.

Script Files

{baseDir}/scripts/get-card-info-example.mjs

Security Constraints

MUST use only the default Reah GraphQL endpoint: https://agents.reah.com/graphql.
MUST NOT allow endpoint override.
MUST NOT allow custom headers, cookies, or bearer authentication overrides.
MUST NOT send card data to any external endpoint.
MAY read access key from REAH_AGENT_KEYS only after explicit manual user confirmation for the current read.
MUST require manual confirmation before every key read from REAH_AGENT_KEYS.
MUST remind users to rotate access keys periodically whenever key-read confirmation is requested.
MUST NOT expose full access key in any user-facing response.
MUST NOT expose raw secretKey in any user-facing response.
MUST NOT return raw card info in any user-facing response. Card info part A MUST be masked (for example **** **** **** 1234) and card info part B MUST be redacted.

Error Handling

If access key is invalid, ask user to regenerate a new agent key and retry.
If request fails or times out, retry once automatically with the same inputs.
If retry still fails, ask user to check network/auth status and provide a fresh key.

reah

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

reah

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

Reah Skill

Modules

`reah_card`

Task 1: Ask for access key

Task 2: Get and decrypt card info

Example script (reference only)

Script Files

Security Constraints

Error Handling

Similar Skills

Reah Skill

Modules

`reah_card`

Task 1: Ask for access key

Task 2: Get and decrypt card info

Example script (reference only)

Script Files

Security Constraints

Error Handling

Similar Skills