RunPod pod management
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent RunPod management skill with no hidden behavior found, but it intentionally uses RunPod credentials, SSH keys, and cloud lifecycle commands that can affect your pods, files, and costs.
Before installing, make sure you want the agent to manage RunPod infrastructure. Configure credentials carefully, approve any costly or state-changing pod operations, and be cautious when mounting a pod’s full root filesystem because it can expose or modify remote files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with configured RunPod access, the agent can start, stop, create, and transfer files for RunPod pods, which may affect costs and workloads.
The skill documents cloud lifecycle and file-transfer commands that can create billable GPU resources, change pod state, or move files. This is expected for RunPod management, but it is high-impact authority.
runpodctl create pod ... runpodctl start pod <id> runpodctl stop pod <id> runpodctl send <file>
Only install this if you want the agent to manage RunPod infrastructure, and require explicit confirmation before creating pods, stopping workloads, or sending files.
A mounted pod filesystem may expose or allow changes to all files on the remote pod, including project files and secrets stored there.
The helper script mounts the entire remote pod filesystem as root. This matches the documented filesystem-mounting purpose, but it gives broad read/write access to the pod.
sshfs -p "$PORT" "root@$IP:/" "$MOUNT_PATH"
Mount only pods you trust, unmount when finished, and consider using a narrower mount path or read-only workflow when full root access is not needed.
Anyone or any agent using these configured credentials can act on the associated RunPod account and access pods over SSH.
The skill requires a RunPod API key and SSH keys to operate against the user's account and pods. This is purpose-aligned and disclosed, with no evidence of leaking those credentials.
runpodctl config --apiKey "your-api-key" **SSH Key:** runpodctl manages SSH keys in `~/.runpod/ssh/`
Use the least-privileged RunPod credentials available, protect the SSH private key, and rotate credentials if they may have been exposed.
The safety of RunPod operations partly depends on the locally installed runpodctl and SSHFS tooling.
The skill depends on an external CLI installed outside the package. This is central to the stated purpose, but users should verify the Homebrew tap and installed binary because there is no pinned install spec in the artifacts.
Requires runpodctl (brew install runpod/runpodctl/runpodctl).
Install runpodctl from the official RunPod source, keep it updated, and verify local dependencies such as sshfs before using the mount helper.