Suspicious — Risk Score 45/100
Last scan: 1 day ago

Rune
61-skill mesh for AI coding assistants — 5-layer architecture with orchestrators, workflow hubs, utilities, and 14 domain extension packs

A large, multi-file AI skill mesh (82 files) with legitimate code assistance purpose but containing multiple high-risk command patterns embedded in documentation examples, including base64 decoding, SSRF proof-of-concept payloads, and curl|sh detection guidance that inadvertently demonstrates the technique.

Skill Name: Rune
Duration: 70.1s
Engine: pi
Verdict: Use with caution
Recommendation: Review the security skill files and remove or sandbox the SSRF PoC content, and make clear that curl|sh is referenced only defensively. Ensure sentinel's destructive command patterns are not auto-executable. The mobile skill's base64 -d usage for provisioning profile decoding is legitimate tooling.

Findings (5 items)

Medium: SSRF proof-of-concept with live metadata service IP [Sensitive Access]
Location: skills/rune-ext-security.md:491
The pentest-patterns skill in rune-ext-security.md documents a live SSRF target (the AWS EC2 metadata service at 169.254.169.254) as a proof-of-concept payload. While framed as defensive documentation showing what to protect against, the explicit curl command with the real IP creates risk if copied verbatim into an unsafe context.
Evidence: curl -X POST /api/webhook -d '{"callbackUrl":"http://169.254.169.254/latest/meta-data/"}'
→ Replace the live IP with a clearly marked placeholder such as YOUR_AWS_METADATA_IP or localhost:9999/metadata. Add explicit warnings that this PoC must only run against authorized test targets.

Low: curl|sh pattern referenced without clear anti-pattern framing [Doc Mismatch]
Location: skills/rune-ext-security.md:606
The supply-chain skill in rune-ext-security.md:606 references curl|sh as a detection target. While this is a legitimate defensive use (flagging malicious install scripts), the pattern appears without sufficiently clear 'DO NOT EXECUTE' framing, risking confusion.
Evidence: curl node_modules/<pkg>/package.json | jq '.scripts.install' — any install script running curl | sh
→ Re-frame the detection guidance to clearly separate (1) how to detect curl|sh in package scripts from (2) an explicit warning that curl|sh must never be executed in production or automated pipelines.

Low: base64 -d for provisioning profile decoding [RCE]
Location: skills/rune-ext-mobile.md:527
rune-ext-mobile.md:527 uses base64 -d to decode a downloaded .mobileprovision file. This is standard iOS code signing tooling and not obfuscation, but because base64 decoding can also be used for obfuscation it is flagged here.
Evidence: base64 -d profile_content.b64 > profile.mobileprovision
→ No action needed: this is legitimate iOS tooling. Consider adding a comment explicitly stating that this decodes an App Store Connect API response.

Info: Placeholder IP addresses in DNS documentation [Doc Mismatch]
Location: skills/rune-ext-devops.md:846
rune-ext-devops.md:846 uses 203.0.113.1 (TEST-NET-3, a documentation-only IP range per RFC 5737) in DNS A record examples. This is legitimate documentation practice.
Evidence: # A example.com → 203.0.113.1
→ No action needed: 203.0.113.1 is a reserved TEST-NET IP appropriate for documentation.

Info: rm -rf / in sentinel pattern table [Doc Mismatch]
Location: skills/rune-sentinel.md:145
rune-sentinel.md:145 references rm -rf / as a destructive command pattern to detect. This is part of sentinel's security scanning documentation, not actual execution.
Evidence: rm -rf / — BLOCK if detected in changed files
→ No action needed: this is sentinel's detection pattern table, not executable code.
Resource access (declared vs. inferred)

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No file write operations in markdown skills |
| Network | NONE | READ | ✓ Aligned | Skills reference external URLs for documentation (rune-kit.github.io, context7.c… |
| Shell | NONE | READ | ✓ Aligned | Shell commands documented as examples in ios-build-pipeline, supply-chain, and p… |
| Environment | NONE | NONE | | No direct environment variable access in skill code |
Pattern matches: 3 Critical · 2 High · 64 findings in total

Severity · Category · Match · Location
Critical · Encoded Execution (Base64 encoded execution, code obfuscation) · base64 -d · skills/rune-ext-mobile.md:527
Critical · Dangerous Command (dangerous shell command) · curl | sh · skills/rune-ext-security.md:606
Critical · Dangerous Command (dangerous shell command) · rm -rf / · skills/rune-sentinel.md:145
High · IP Address (hard-coded IP address) · 203.0.113.1 · skills/rune-ext-devops.md:846
High · IP Address (hard-coded IP address) · 169.254.169.254 · skills/rune-ext-security.md:491
Medium · External URL · https://rune-kit.github.io/rune · README.md:42
Medium · External URL · https://rune-kit.github.io/rune/guides · README.md:43
Medium · External URL · http://www.w3.org/2000/svg · skills/rune-asset-creator.md:75
Medium · External URL · https://context7.com/ · skills/rune-docs-seeker.md:64
Medium · External URL · https://context7.com/websites/ · skills/rune-docs-seeker.md:70
Medium · External URL · https://accounts.google.com · skills/rune-ext-backend.md:447
Medium · External URL · https://en.wikipedia.org/wiki/Artificial_intelligence · skills/rune-ext-chrome-ext.md:333
Medium · External URL · http://www.w3.org/2005/Atom · skills/rune-ext-content.md:142
Medium · External URL · https://schema.org/BlogPosting · skills/rune-ext-content.md:1368
Medium · External URL · https://schema.org/Person · skills/rune-ext-content.md:1373
Medium · External URL · https://img.youtube.com/vi/$ · skills/rune-ext-content.md:1432
Medium · External URL · https://www.youtube-nocookie.com/embed/$ · skills/rune-ext-content.md:1435
Medium · External URL · https://player.vimeo.com/video/$ · skills/rune-ext-content.md:1436
Medium · External URL · https://schema.org · skills/rune-ext-content.md:1670
Medium · External URL · https://$host$request_uri; · skills/rune-ext-devops.md:783
Medium · External URL · https://api.frankfurter.app/latest?from=$ · skills/rune-ext-ecommerce.md:541
Medium · External URL · https://my.sepay.vn/docs · skills/rune-ext-ecommerce.md:582
Medium · External URL · https://qr.sepay.vn/img?acc=$ · skills/rune-ext-ecommerce.md:602
Medium · External URL · https://sandbox.vnpayment.vn/apis/docs/huong-dan-tich-hop/ · skills/rune-ext-ecommerce.md:656
Medium · External URL · https://sandbox.vnpayment.vn/paymentv2/vpcpay.html · skills/rune-ext-ecommerce.md:664
Medium · External URL · https://developers.momo.vn/v3/docs/payment/api/ · skills/rune-ext-ecommerce.md:738
Medium · External URL · https://test-payment.momo.vn/v2/gateway/api/create · skills/rune-ext-ecommerce.md:744
Medium · External URL · https://docs.zalopay.vn/ · skills/rune-ext-ecommerce.md:800
Medium · External URL · https://ec.europa.eu/taxation_customs/vies/rest-api/ms/$ · skills/rune-ext-ecommerce.md:1111
Medium · External URL · http://www.apple.com/DTDs/PropertyList-1.0.dtd · skills/rune-ext-mobile.md:597
Medium · External URL · https://u.expo.dev/your-project-id · skills/rune-ext-mobile.md:726
Medium · External URL · https://api.polar.sh/v1/checkouts/ · skills/rune-ext-saas.md:220
Medium · External URL · https://app.yourdomain.com · skills/rune-ext-security.md:199
Medium · External URL · https://staging.yourdomain.com · skills/rune-ext-security.md:200
Medium · External URL · http://169.254.169.254/latest/meta-data/ · skills/rune-ext-security.md:491
Medium · External URL · https://npm.company.internal · skills/rune-ext-security.md:637
Medium · External URL · https://openapi.zalo.me/v3.0/oa · skills/rune-ext-zalo.md:471
Medium · External URL · https://openapi.zalo.me/v2.0/oa · skills/rune-ext-zalo.md:472
Medium · External URL · https://openapi.zalo.me/v3.0/oa/message/cs · skills/rune-ext-zalo.md:500
Medium · External URL · https://openapi.zalo.me/v2.0/oa/upload/image · skills/rune-ext-zalo.md:521
Medium · External URL · https://openapi.zalo.me/v2.0/oa/upload/file · skills/rune-ext-zalo.md:557
Medium · External URL · https://cdn.example.com/product-a.jpg · skills/rune-ext-zalo.md:607
Medium · External URL · https://cdn.example.com/product-b.jpg · skills/rune-ext-zalo.md:613
Medium · External URL · https://openapi.zalo.me/v3.0/oa/user/getlist?offset=0&count=50 · skills/rune-ext-zalo.md:767
Medium · External URL · https://openapi.zalo.me/v3.0/oa/user/detail?user_id=4337842264521611405 · skills/rune-ext-zalo.md:790
Medium · External URL · https://openapi.zalo.me/v3.0/oa/tag/tagfollower · skills/rune-ext-zalo.md:815
Medium · External URL · https://openapi.zalo.me/v3.0/oa/tag/rmfollowerfromtag · skills/rune-ext-zalo.md:822
Medium · External URL · https://openapi.zalo.me/v3.0/oa/message/promotion · skills/rune-ext-zalo.md:833
Medium · External URL · https://developers.zalo.me · skills/rune-ext-zalo.md:898
Medium · External URL · https://yourapp.com/auth/zalo/callback · skills/rune-ext-zalo.md:903
Medium · External URL · https://oauth.zaloapp.com/v4/oa/permission?$ · skills/rune-ext-zalo.md:958
Medium · External URL · https://oauth.zaloapp.com/v4/oa/access_token · skills/rune-ext-zalo.md:982
Medium · External URL · https://openapi.zalo.me/v3.0/oa/$ · skills/rune-ext-zalo.md:1090
Medium · External URL · https://your-domain.com/webhook/zalo · skills/rune-ext-zalo.md:1126
Medium · External URL · https://xxxx.ngrok.io · skills/rune-ext-zalo.md:1284
Medium · External URL · https://keepachangelog.com/ · skills/rune-git.md:176
Medium · External URL · https://api.example.com · skills/rune-mcp-builder.md:161
Medium · External URL · https://myapp.com/dashboard · skills/rune-video-creator.md:106
Medium · External URL · https://myapp.com · skills/rune-watchdog.md:40
Medium · External URL · https://myapp.com/health · skills/rune-watchdog.md:50
Info · Email (email address) · [email protected] · skills/rune-doc-processor.md:181
Info · Email (email address) · [email protected] · skills/rune-ext-content.md:881
Info · Email (email address) · [email protected] · skills/rune-ext-content.md:945
Info · Email (email address) · [email protected] · skills/rune-integrity-check.md:138

File Tree

82 files · 1.5 MB · 37300 lines
Markdown: 78 files · 34926 lines; JSON: 2 files · 1683 lines; TypeScript: 1 file · 533 lines; JavaScript: 1 file · 158 lines
├─ 📁 skills
│ ├─ 📁 rune-slides-scripts
│ │ └─ 📜 build-deck.js JavaScript 158L · 3.9 KB
│ ├─ 📝 rune-adversary.md Markdown 293L · 13.8 KB
│ ├─ 📝 rune-asset-creator.md Markdown 169L · 6.7 KB
│ ├─ 📝 rune-audit.md Markdown 538L · 21.8 KB
│ ├─ 📝 rune-autopsy.md Markdown 272L · 10.9 KB
│ ├─ 📝 rune-ba.md Markdown 359L · 14.6 KB
│ ├─ 📝 rune-brainstorm.md Markdown 349L · 17.6 KB
│ ├─ 📝 rune-browser-pilot.md Markdown 178L · 6.2 KB
│ ├─ 📝 rune-completion-gate.md Markdown 317L · 15.9 KB
│ ├─ 📝 rune-constraint-check.md Markdown 174L · 7.4 KB
│ ├─ 📝 rune-context-engine.md Markdown 413L · 19.3 KB
│ ├─ 📝 rune-context-pack.md Markdown 169L · 6.7 KB
│ ├─ 📝 rune-cook.md Markdown 840L · 46.1 KB
│ ├─ 📝 rune-db.md Markdown 282L · 10.8 KB
│ ├─ 📝 rune-debug.md Markdown 452L · 25.5 KB
│ ├─ 📝 rune-dependency-doctor.md Markdown 246L · 7.8 KB
│ ├─ 📝 rune-deploy.md Markdown 239L · 8.8 KB
│ ├─ 📝 rune-design.md Markdown 494L · 22.8 KB
│ ├─ 📝 rune-doc-processor.md Markdown 264L · 9.0 KB
│ ├─ 📝 rune-docs-seeker.md Markdown 187L · 7.3 KB
│ ├─ 📝 rune-docs.md Markdown 383L · 13.1 KB
│ ├─ 📝 rune-ext-ai-ml.md Markdown 1132L · 44.3 KB
│ ├─ 📝 rune-ext-analytics.md Markdown 576L · 26.3 KB
│ ├─ 📝 rune-ext-backend.md Markdown 1011L · 48.5 KB
│ ├─ 📝 rune-ext-chrome-ext.md Markdown 1006L · 45.8 KB
│ ├─ 📝 rune-ext-content.md Markdown 1844L · 66.8 KB
│ ├─ 📝 rune-ext-devops.md Markdown 858L · 35.4 KB
│ ├─ 📝 rune-ext-ecommerce.md Markdown 1147L · 47.1 KB
│ ├─ 📝 rune-ext-gamedev.md Markdown 1430L · 53.3 KB
│ ├─ 📝 rune-ext-mobile.md Markdown 954L · 40.5 KB
│ ├─ 📝 rune-ext-saas.md Markdown 900L · 48.3 KB
│ ├─ 📝 rune-ext-security.md Markdown 648L · 37.8 KB
│ ├─ 📝 rune-ext-trading.md Markdown 612L · 27.5 KB
│ ├─ 📝 rune-ext-ui.md Markdown 1232L · 60.7 KB
│ ├─ 📝 rune-ext-zalo.md Markdown 1855L · 63.7 KB
│ ├─ 📝 rune-fix.md Markdown 319L · 17.2 KB
│ ├─ 📝 rune-git.md Markdown 349L · 10.2 KB
│ ├─ 📝 rune-hallucination-guard.md Markdown 229L · 9.7 KB
│ ├─ 📝 rune-incident.md Markdown 260L · 10.0 KB
│ ├─ 📝 rune-index.md Markdown 86L · 1.7 KB
│ ├─ 📝 rune-integrity-check.md Markdown 178L · 7.3 KB
│ ├─ 📝 rune-journal.md Markdown 250L · 10.0 KB
│ ├─ 📝 rune-launch.md Markdown 349L · 11.9 KB
│ ├─ 📝 rune-logic-guardian.md Markdown 261L · 11.6 KB
│ ├─ 📝 rune-marketing.md Markdown 257L · 10.9 KB
│ ├─ 📝 rune-mcp-builder.md Markdown 433L · 15.8 KB
│ ├─ 📝 rune-neural-memory.md Markdown 354L · 15.0 KB
│ ├─ 📝 rune-onboard.md Markdown 415L · 20.0 KB
│ ├─ 📝 rune-perf.md Markdown 356L · 14.6 KB
│ ├─ 📝 rune-plan.md Markdown 378L · 20.8 KB
│ ├─ 📝 rune-preflight.md Markdown 405L · 20.2 KB
│ ├─ 📝 rune-problem-solver.md Markdown 294L · 15.4 KB
│ ├─ 📝 rune-rescue.md Markdown 458L · 15.2 KB
│ ├─ 📝 rune-research.md Markdown 182L · 7.9 KB
│ ├─ 📝 rune-retro.md Markdown 429L · 17.0 KB
│ ├─ 📝 rune-review-intake.md Markdown 259L · 9.6 KB
│ ├─ 📝 rune-review.md Markdown 544L · 25.3 KB
│ ├─ 📝 rune-safeguard.md Markdown 213L · 8.5 KB
│ ├─ 📝 rune-sast.md Markdown 200L · 7.5 KB
│ ├─ 📝 rune-scaffold.md Markdown 296L · 13.0 KB
│ ├─ 📝 rune-scope-guard.md Markdown 172L · 6.5 KB
│ ├─ 📝 rune-scout.md Markdown 273L · 11.8 KB
│ ├─ 📝 rune-sentinel-env.md Markdown 264L · 11.1 KB
│ ├─ 📝 rune-sentinel.md Markdown 362L · 22.0 KB
│ ├─ 📝 rune-sequential-thinking.md Markdown 244L · 11.0 KB
│ ├─ 📝 rune-session-bridge.md Markdown 408L · 16.5 KB
│ ├─ 📝 rune-skill-forge.md Markdown 549L · 24.1 KB
│ ├─ 📝 rune-skill-router.md Markdown 455L · 25.1 KB
│ ├─ 📝 rune-slides.md Markdown 152L · 5.3 KB
│ ├─ 📝 rune-surgeon.md Markdown 228L · 9.5 KB
│ ├─ 📝 rune-team.md Markdown 521L · 21.0 KB
│ ├─ 📝 rune-test.md Markdown 598L · 28.8 KB
│ ├─ 📝 rune-trend-scout.md Markdown 155L · 5.8 KB
│ ├─ 📝 rune-verification.md Markdown 335L · 15.8 KB
│ ├─ 📝 rune-video-creator.md Markdown 213L · 7.4 KB
│ ├─ 📝 rune-watchdog.md Markdown 177L · 6.4 KB
│ ├─ 📝 rune-worktree.md Markdown 149L · 5.1 KB
│ └─ 📋 skill-index.json JSON 1651L · 39.8 KB
├─ 📁 src
│ └─ 📜 index.ts TypeScript 533L · 37.8 KB
├─ 📋 openclaw.plugin.json JSON 32L · 783 B
├─ 📝 README.md Markdown 47L · 1.8 KB
└─ 📝 SKILL.md Markdown 47L · 1.8 KB

Security Positives

✓ SKILL.md clearly documents the mesh architecture with no hidden capabilities — 61 skills across 5 layers described transparently
✓ sentinel skill (L2) is a dedicated security gatekeeper with OWASP pattern detection, secret scanning, and destructive command guards
✓ supply-chain security analysis includes typosquatting detection, dependency confusion checks, and SLSA provenance verification
✓ Skill mesh has MIT license and references public GitHub repository — no hidden monetization or suspicious distribution
✓ Rune Pro and Business upsells are clearly branded and not embedded as hidden functionality
✓ No .env files, no credential harvesting code, no external C2 communications detected
✓ defense-in-depth skill provides solid multi-layer validation strategy
✓ pentest-patterns skill documents JWT algorithm confusion, SSRF, and IDOR with remediation guidance