Trusted — Risk Score 10/100
Rune
59-skill mesh for AI coding assistants with 200+ connections and 14 extension packs
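Rune is an open-source skill mesh for AI coding assistants (59 skills). All high-severity IOCs are security best-practice documentation or teaching examples; there is no actual malicious behavior.
Skill Name: Rune
Duration: 56.9s
Engine: pi
Safe to install
No restrictions needed; safe to use. The skill serves as a security toolkit, providing defensive checks and vulnerability examples.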

Findings 2 items

Severity Finding Location
Info
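IOCs are all defensive teaching examples (Doc Mismatch)
All high-severity IOCs flagged by the pre-scan were verified to be security best-practice documentation, with no actual malicious behavior. base64 decoding is used for certificate handling, rm -rf is a detection pattern, curl|sh is a detection example, and the IPs are for teaching purposes.
Security skill pack
→ No fix needed
skills/rune-ext-*.md
Info
Shell commands are all defensive in nature (RCE)
All shell commands (npm audit, gitleaks, terraform plan, etc.) are used for security scanning and deployment, which are declared legitimate uses.
rm -rf /, DROP TABLE, DELETE FROM without WHERE
→ No fix needed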
skills/rune-sentinel.md:145
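Resource | Declared | Inferred | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares shell execution capability, used for code generation and file operations
Shell | WRITE | WRITE | ✓ Aligned | Used to run security scanning commands such as npm audit and gitleaks
Network | READ | READ | ✓ Aligned | Used to fetch documentation, API integrations, and teaching examples
Environment | READ | READ | ✓ Aligned | Detects credential leaks and audits configuration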
3 Critical · 2 High · 64 findings
Critical · Encoded Execution · Base64-encoded execution (code obfuscation)
base64 -d
skills/rune-ext-mobile.md:527
Critical · Dangerous Command · Dangerous shell command
curl | sh
skills/rune-ext-security.md:606
Critical · Dangerous Command · Dangerous shell command
rm -rf /
skills/rune-sentinel.md:145
High · IP Address · Hardcoded IP address
203.0.113.1
skills/rune-ext-devops.md:846
High · IP Address · Hardcoded IP address
169.254.169.254
skills/rune-ext-security.md:491
Info · Email · Email address
[email protected]
skills/rune-doc-processor.md:181
Info · Email · Email address
[email protected]
skills/rune-ext-content.md:881
Info · Email · Email address
[email protected]
skills/rune-ext-content.md:945
Info · Email · Email address
[email protected]
skills/rune-integrity-check.md:138

File Tree

82 files · 1.5 MB · 37300 lines
Markdown 78f · 34926L JSON 2f · 1683L TypeScript 1f · 533L JavaScript 1f · 158L
├─ 📁 skills
│ ├─ 📁 rune-slides-scripts
│ │ └─ 📜 build-deck.js JavaScript 158L · 3.9 KB
│ ├─ 📝 rune-adversary.md Markdown 293L · 13.8 KB
│ ├─ 📝 rune-asset-creator.md Markdown 169L · 6.7 KB
│ ├─ 📝 rune-audit.md Markdown 538L · 21.8 KB
│ ├─ 📝 rune-autopsy.md Markdown 272L · 10.9 KB
│ ├─ 📝 rune-ba.md Markdown 359L · 14.6 KB
│ ├─ 📝 rune-brainstorm.md Markdown 349L · 17.6 KB
│ ├─ 📝 rune-browser-pilot.md Markdown 178L · 6.2 KB
│ ├─ 📝 rune-completion-gate.md Markdown 317L · 15.9 KB
│ ├─ 📝 rune-constraint-check.md Markdown 174L · 7.4 KB
│ ├─ 📝 rune-context-engine.md Markdown 413L · 19.3 KB
│ ├─ 📝 rune-context-pack.md Markdown 169L · 6.7 KB
│ ├─ 📝 rune-cook.md Markdown 840L · 46.1 KB
│ ├─ 📝 rune-db.md Markdown 282L · 10.8 KB
│ ├─ 📝 rune-debug.md Markdown 452L · 25.5 KB
│ ├─ 📝 rune-dependency-doctor.md Markdown 246L · 7.8 KB
│ ├─ 📝 rune-deploy.md Markdown 239L · 8.8 KB
│ ├─ 📝 rune-design.md Markdown 494L · 22.8 KB
│ ├─ 📝 rune-doc-processor.md Markdown 264L · 9.0 KB
│ ├─ 📝 rune-docs-seeker.md Markdown 187L · 7.3 KB
│ ├─ 📝 rune-docs.md Markdown 383L · 13.1 KB
│ ├─ 📝 rune-ext-ai-ml.md Markdown 1132L · 44.3 KB
│ ├─ 📝 rune-ext-analytics.md Markdown 576L · 26.3 KB
│ ├─ 📝 rune-ext-backend.md Markdown 1011L · 48.5 KB
│ ├─ 📝 rune-ext-chrome-ext.md Markdown 1006L · 45.8 KB
│ ├─ 📝 rune-ext-content.md Markdown 1844L · 66.8 KB
│ ├─ 📝 rune-ext-devops.md Markdown 858L · 35.4 KB
│ ├─ 📝 rune-ext-ecommerce.md Markdown 1147L · 47.1 KB
│ ├─ 📝 rune-ext-gamedev.md Markdown 1430L · 53.3 KB
│ ├─ 📝 rune-ext-mobile.md Markdown 954L · 40.5 KB
│ ├─ 📝 rune-ext-saas.md Markdown 900L · 48.3 KB
│ ├─ 📝 rune-ext-security.md Markdown 648L · 37.8 KB
│ ├─ 📝 rune-ext-trading.md Markdown 612L · 27.5 KB
│ ├─ 📝 rune-ext-ui.md Markdown 1232L · 60.7 KB
│ ├─ 📝 rune-ext-zalo.md Markdown 1855L · 63.7 KB
│ ├─ 📝 rune-fix.md Markdown 319L · 17.2 KB
│ ├─ 📝 rune-git.md Markdown 349L · 10.2 KB
│ ├─ 📝 rune-hallucination-guard.md Markdown 229L · 9.7 KB
│ ├─ 📝 rune-incident.md Markdown 260L · 10.0 KB
│ ├─ 📝 rune-index.md Markdown 86L · 1.7 KB
│ ├─ 📝 rune-integrity-check.md Markdown 178L · 7.3 KB
│ ├─ 📝 rune-journal.md Markdown 250L · 10.0 KB
│ ├─ 📝 rune-launch.md Markdown 349L · 11.9 KB
│ ├─ 📝 rune-logic-guardian.md Markdown 261L · 11.6 KB
│ ├─ 📝 rune-marketing.md Markdown 257L · 10.9 KB
│ ├─ 📝 rune-mcp-builder.md Markdown 433L · 15.8 KB
│ ├─ 📝 rune-neural-memory.md Markdown 354L · 15.0 KB
│ ├─ 📝 rune-onboard.md Markdown 415L · 20.0 KB
│ ├─ 📝 rune-perf.md Markdown 356L · 14.6 KB
│ ├─ 📝 rune-plan.md Markdown 378L · 20.8 KB
│ ├─ 📝 rune-preflight.md Markdown 405L · 20.2 KB
│ ├─ 📝 rune-problem-solver.md Markdown 294L · 15.4 KB
│ ├─ 📝 rune-rescue.md Markdown 458L · 15.2 KB
│ ├─ 📝 rune-research.md Markdown 182L · 7.9 KB
│ ├─ 📝 rune-retro.md Markdown 429L · 17.0 KB
│ ├─ 📝 rune-review-intake.md Markdown 259L · 9.6 KB
│ ├─ 📝 rune-review.md Markdown 544L · 25.3 KB
│ ├─ 📝 rune-safeguard.md Markdown 213L · 8.5 KB
│ ├─ 📝 rune-sast.md Markdown 200L · 7.5 KB
│ ├─ 📝 rune-scaffold.md Markdown 296L · 13.0 KB
│ ├─ 📝 rune-scope-guard.md Markdown 172L · 6.5 KB
│ ├─ 📝 rune-scout.md Markdown 273L · 11.8 KB
│ ├─ 📝 rune-sentinel-env.md Markdown 264L · 11.1 KB
│ ├─ 📝 rune-sentinel.md Markdown 362L · 22.0 KB
│ ├─ 📝 rune-sequential-thinking.md Markdown 244L · 11.0 KB
│ ├─ 📝 rune-session-bridge.md Markdown 408L · 16.5 KB
│ ├─ 📝 rune-skill-forge.md Markdown 549L · 24.1 KB
│ ├─ 📝 rune-skill-router.md Markdown 455L · 25.1 KB
│ ├─ 📝 rune-slides.md Markdown 152L · 5.3 KB
│ ├─ 📝 rune-surgeon.md Markdown 228L · 9.5 KB
│ ├─ 📝 rune-team.md Markdown 521L · 21.0 KB
│ ├─ 📝 rune-test.md Markdown 598L · 28.8 KB
│ ├─ 📝 rune-trend-scout.md Markdown 155L · 5.8 KB
│ ├─ 📝 rune-verification.md Markdown 335L · 15.8 KB
│ ├─ 📝 rune-video-creator.md Markdown 213L · 7.4 KB
│ ├─ 📝 rune-watchdog.md Markdown 177L · 6.4 KB
│ ├─ 📝 rune-worktree.md Markdown 149L · 5.1 KB
│ └─ 📋 skill-index.json JSON 1651L · 39.8 KB
├─ 📁 src
│ └─ 📜 index.ts TypeScript 533L · 37.8 KB
├─ 📋 openclaw.plugin.json JSON 32L · 783 B
├─ 📝 README.md Markdown 47L · 1.8 KB
└─ 📝 SKILL.md Markdown 47L · 1.8 KB

Dependencies 2 items

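Package | Version | Source | Known Vulns | Notes
jsonwebtoken | Unspecified | Example code | No | JWT library example used for teaching
google-auth-library | Unspecified | Example code | No | Firebase authentication library example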

Security Positives

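✓ Open-source project (MIT License); the code is auditable
✓ Has a complete security gating mechanism (sentinel skill)
✓ Includes supply-chain security checks (gitleaks, npm audit)
✓ The SSRF example demonstrates a credential-theft attack path and is legitimate security education
✓ Uses the opus model for security audits, ensuring depth of analysis
✓ Includes a six-gate verification mechanism to prevent false positives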